* provided
*/
#ifndef OPENSSL_NO_PSK
- || ((alg_k & SSL_kPSK) && s->ctx->psk_identity_hint)
+ || ((alg_k & SSL_kPSK) && s->cert->psk_identity_hint)
#endif
|| (alg_k & SSL_kDHE)
|| (alg_k & SSL_kECDHE)
*/
#ifndef OPENSSL_NO_PSK
/* Only send SKE if we have identity hint for plain PSK */
- || ((alg_k & (SSL_kPSK | SSL_kRSAPSK)) && s->ctx->psk_identity_hint)
+ || ((alg_k & (SSL_kPSK | SSL_kRSAPSK)) && s->cert->psk_identity_hint)
/* For other PSK always send SKE */
|| (alg_k & (SSL_PSK & (SSL_kDHEPSK | SSL_kECDHEPSK)))
#endif
* reserve size for record length and PSK identity hint
*/
n += 2;
- if (s->ctx->psk_identity_hint)
- n += strlen(s->ctx->psk_identity_hint);
+ if (s->cert->psk_identity_hint)
+ n += strlen(s->cert->psk_identity_hint);
}
/* Plain PSK or RSAPSK nothing to do */
if (type & (SSL_kPSK | SSL_kRSAPSK)) {
#ifndef OPENSSL_NO_PSK
if (type & SSL_PSK) {
/* copy PSK identity hint */
- if (s->ctx->psk_identity_hint) {
- s2n(strlen(s->ctx->psk_identity_hint), p);
- strncpy((char *)p, s->ctx->psk_identity_hint,
- strlen(s->ctx->psk_identity_hint));
- p += strlen(s->ctx->psk_identity_hint);
+ if (s->cert->psk_identity_hint) {
+ s2n(strlen(s->cert->psk_identity_hint), p);
+ strncpy((char *)p, s->cert->psk_identity_hint,
+ strlen(s->cert->psk_identity_hint));
+ p += strlen(s->cert->psk_identity_hint);
} else {
s2n(0, p);
}
if (!custom_exts_copy(&ret->srv_ext, &cert->srv_ext))
goto err;
+ if (cert->psk_identity_hint) {
+ ret->psk_identity_hint = BUF_strdup(cert->psk_identity_hint);
+ if (ret->psk_identity_hint == NULL)
+ goto err;
+ }
+
return (ret);
err:
X509_STORE_free(c->chain_store);
custom_exts_free(&c->cli_ext);
custom_exts_free(&c->srv_ext);
+#ifndef OPENSSL_NO_PSK
+ OPENSSL_free(c->psk_identity_hint);
+#endif
OPENSSL_free(c);
}
#ifndef OPENSSL_NO_SRTP
sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles);
#endif
-#ifndef OPENSSL_NO_PSK
- OPENSSL_free(a->psk_identity_hint);
-#endif
#ifndef OPENSSL_NO_SRP
SSL_CTX_SRP_CTX_free(a);
#endif
SSL_R_DATA_LENGTH_TOO_LONG);
return 0;
}
- OPENSSL_free(ctx->psk_identity_hint);
+ OPENSSL_free(ctx->cert->psk_identity_hint);
if (identity_hint != NULL) {
- ctx->psk_identity_hint = BUF_strdup(identity_hint);
- if (ctx->psk_identity_hint == NULL)
+ ctx->cert->psk_identity_hint = BUF_strdup(identity_hint);
+ if (ctx->cert->psk_identity_hint == NULL)
return 0;
} else
- ctx->psk_identity_hint = NULL;
+ ctx->cert->psk_identity_hint = NULL;
return 1;
}
if (s == NULL)
return 0;
- if (s->session == NULL)
- return 1; /* session not created yet, ignored */
-
if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) {
SSLerr(SSL_F_SSL_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG);
return 0;
}
- OPENSSL_free(s->session->psk_identity_hint);
+ OPENSSL_free(s->cert->psk_identity_hint);
if (identity_hint != NULL) {
- s->session->psk_identity_hint = BUF_strdup(identity_hint);
- if (s->session->psk_identity_hint == NULL)
+ s->cert->psk_identity_hint = BUF_strdup(identity_hint);
+ if (s->cert->psk_identity_hint == NULL)
return 0;
} else
- s->session->psk_identity_hint = NULL;
+ s->cert->psk_identity_hint = NULL;
return 1;
}
void *tlsext_status_arg;
# ifndef OPENSSL_NO_PSK
- char *psk_identity_hint;
unsigned int (*psk_client_callback) (SSL *ssl, const char *hint,
char *identity,
unsigned int max_identity_len,
/* Security level */
int sec_level;
void *sec_ex;
+#ifndef OPENSSL_NO_PSK
+ /* If not NULL psk identity hint to use for servers */
+ char *psk_identity_hint;
+#endif
int references; /* >1 only if SSL_copy_session_id is used */
} CERT;
projects / oweals / openssl.git / commitdiff