diff options
| author | Joel Sing <jsing@cvs.openbsd.org> | 2022-08-17 07:39:20 +0000 |
|---|---|---|
| committer | Joel Sing <jsing@cvs.openbsd.org> | 2022-08-17 07:39:20 +0000 |
| commit | 9eb17c6a00fa80090259fc2f920e4d862f34a935 (patch) | |
| tree | 9d9b44cfbf84f1aa6f6d00166ef57294850f140d /lib/libssl/Makefile | |
| parent | 6ee9c9571695367e661335d59784c723d62c3f11 (diff) | |
Deduplicate peer certificate chain processing code.
Rather than reimplement this in each TLS client and server, deduplicate it
into a single function. Furthermore, rather than dealing with the API
hazard that is SSL_get_peer_cert_chain() in this code, simply produce two
chains - one that has the leaf and one that does not.
SSL_get_peer_cert_chain() can then return the appropriate one.
This also moves the peer cert chain from the SSL_SESSION to the
SSL_HANDSHAKE, which makes more sense since it is not available on
resumption.
ok tb@
Diffstat (limited to 'lib/libssl/Makefile')
| -rw-r--r-- | lib/libssl/Makefile | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/lib/libssl/Makefile b/lib/libssl/Makefile index d0d7bc4e02b..1788cd75a3a 100644 --- a/lib/libssl/Makefile +++ b/lib/libssl/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.76 2022/07/24 14:28:16 jsing Exp $ +# $OpenBSD: Makefile,v 1.77 2022/08/17 07:39:19 jsing Exp $ .include <bsd.own.mk> .ifndef NOMAN @@ -85,7 +85,8 @@ SRCS= \ tls13_server.c \ tls_buffer.c \ tls_content.c \ - tls_key_share.c + tls_key_share.c \ + tls_lib.c HDRS= dtls1.h srtp.h ssl.h ssl2.h ssl23.h ssl3.h tls1.h |