From: Dr. Stephen Henson Date: Thu, 22 Dec 2011 15:01:16 +0000 (+0000) Subject: New ctrl values to clear or retrieve extra chain certs from an SSL_CTX. X-Git-Tag: OpenSSL_1_0_1-beta1~23 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=f5575cd16740147e5d0cfc4bd66edf00ab0bf5d1;p=oweals%2Fopenssl.git New ctrl values to clear or retrieve extra chain certs from an SSL_CTX. New function to retrieve compression method from SSL_SESSION structure. Delete SSL_SESSION_get_id_len and SSL_SESSION_get0_id functions as they duplicate functionality of SSL_SESSION_get_id. Note: these functions have never appeared in any release version of OpenSSL. --- diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index d3f636a095..5b54b41445 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3604,6 +3604,18 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) sk_X509_push(ctx->extra_certs,(X509 *)parg); break; + case SSL_CTRL_GET_EXTRA_CHAIN_CERTS: + *(STACK_OF(X509) **)parg = ctx->extra_certs; + break; + + case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS: + if (ctx->extra_certs) + { + sk_X509_pop_free(ctx->extra_certs, X509_free); + ctx->extra_certs = NULL; + } + break; + default: return(0); } diff --git a/ssl/ssl.h b/ssl/ssl.h index 5f4fb6bd42..698ef4d73a 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -1586,6 +1586,9 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) #define SSL_CTRL_CLEAR_OPTIONS 77 #define SSL_CTRL_CLEAR_MODE 78 +#define SSL_CTRL_GET_EXTRA_CHAIN_CERTS 82 +#define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83 + #define DTLSv1_get_timeout(ssl, arg) \ SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg) #define DTLSv1_handle_timeout(ssl) \ @@ -1622,6 +1625,10 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) #define SSL_CTX_add_extra_chain_cert(ctx,x509) \ SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509) +#define SSL_CTX_get_extra_chain_cert(ctx,px509) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERT,0,px509) +#define SSL_CTX_clear_extra_chain_cert(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERT,0,NULL) #ifndef OPENSSL_NO_BIO BIO_METHOD *BIO_f_ssl(void); @@ -1715,8 +1722,6 @@ long SSL_SESSION_set_time(SSL_SESSION *s, long t); long SSL_SESSION_get_timeout(const SSL_SESSION *s); long SSL_SESSION_set_timeout(SSL_SESSION *s, long t); void SSL_copy_session_id(SSL *to,const SSL *from); -unsigned int SSL_SESSION_get_id_len(SSL_SESSION *s); -const unsigned char *SSL_SESSION_get0_id(SSL_SESSION *s); X509 *SSL_SESSION_get0_peer(SSL_SESSION *s); int SSL_SESSION_set1_id_context(SSL_SESSION *s,const unsigned char *sid_ctx, unsigned int sid_ctx_len); @@ -1724,6 +1729,7 @@ int SSL_SESSION_set1_id_context(SSL_SESSION *s,const unsigned char *sid_ctx, SSL_SESSION *SSL_SESSION_new(void); const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len); +unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s); #ifndef OPENSSL_NO_FP_API int SSL_SESSION_print_fp(FILE *fp,const SSL_SESSION *ses); #endif diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index c6438a81e1..ad40fadd02 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -231,6 +231,11 @@ const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len) return s->session_id; } +unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s) + { + return s->compress_meth; + } + /* Even with SSLv2, we have 16 bytes (128 bits) of session ID space. SSLv3/TLSv1 * has 32 bytes (256 bits). As such, filling the ID with random gunk repeatedly * until we have no conflict is going to complete in one iteration pretty much @@ -864,16 +869,6 @@ long SSL_SESSION_set_time(SSL_SESSION *s, long t) return(t); } -unsigned int SSL_SESSION_get_id_len(SSL_SESSION *s) - { - return s->session_id_length; - } - -const unsigned char *SSL_SESSION_get0_id(SSL_SESSION *s) - { - return s->session_id; - } - X509 *SSL_SESSION_get0_peer(SSL_SESSION *s) { return s->peer;