From: Dr. Stephen Henson Date: Mon, 18 Nov 2013 18:49:46 +0000 (+0000) Subject: New functions to retrieve certificate from SSL_CTX X-Git-Tag: OpenSSL_1_0_2-beta1~153 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=2a1b7bd380240e5a1cfb836a6d33b7a772d92851;p=oweals%2Fopenssl.git New functions to retrieve certificate from SSL_CTX New functions to retrieve current certificate or private key from an SSL_CTX. Constify SSL_get_private_key(). (cherry picked from commit a25f9adc778e17568fe2a325e5c3606adb8329f1) --- diff --git a/doc/ssl/ssl.pod b/doc/ssl/ssl.pod index 6d3ee24e4e..8d5b8c380e 100644 --- a/doc/ssl/ssl.pod +++ b/doc/ssl/ssl.pod @@ -374,6 +374,10 @@ session instead of a context. =item int B(SSL_CTX *ctx, char *file, int type); +=item X509 *B(const SSL_CTX *ctx); + +=item EVP_PKEY *B(const SSL_CTX *ctx); + =item void B(SSL_CTX *ctx, unsigned int (*callback)(SSL *ssl, const char *hint, char *identity, unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len)); =item int B(SSL_CTX *ctx, const char *hint); @@ -507,7 +511,7 @@ connection defined in the B structure. =item X509 *B(const SSL *ssl); -=item EVP_PKEY *B(SSL *ssl); +=item EVP_PKEY *B(const SSL *ssl); =item int B(const SSL *ssl); diff --git a/ssl/ssl.h b/ssl/ssl.h index 5eb45f902e..1b7fa589d6 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -2326,7 +2326,10 @@ STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk); SSL *SSL_dup(SSL *ssl); X509 *SSL_get_certificate(const SSL *ssl); -/* EVP_PKEY */ struct evp_pkey_st *SSL_get_privatekey(SSL *ssl); +/* EVP_PKEY */ struct evp_pkey_st *SSL_get_privatekey(const SSL *ssl); + +X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx); +EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx); void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode); int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx); diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index f401f6a052..2f2358b249 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -3068,7 +3068,6 @@ void ssl_clear_cipher_ctx(SSL *s) #endif } -/* Fix this function so that it takes an optional type parameter */ X509 *SSL_get_certificate(const SSL *s) { if (s->cert != NULL) @@ -3077,8 +3076,7 @@ X509 *SSL_get_certificate(const SSL *s) return(NULL); } -/* Fix this function so that it takes an optional type parameter */ -EVP_PKEY *SSL_get_privatekey(SSL *s) +EVP_PKEY *SSL_get_privatekey(const SSL *s) { if (s->cert != NULL) return(s->cert->key->privatekey); @@ -3086,6 +3084,22 @@ EVP_PKEY *SSL_get_privatekey(SSL *s) return(NULL); } +X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx) + { + if (ctx->cert != NULL) + return ctx->cert->key->x509; + else + return NULL; + } + +EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx) + { + if (ctx->cert != NULL) + return ctx->cert->key->privatekey; + else + return NULL ; + } + const SSL_CIPHER *SSL_get_current_cipher(const SSL *s) { if ((s->session != NULL) && (s->session->cipher != NULL))