Comments for SSL_get_peer_cert_chain inconsistency.

Bodo Möller 2000-03-27 18:07:45 +00:00
parent 6e9aee5724
commit 98e04f9eeb
3 changed files with 7 additions and 0 deletions


@ -772,6 +772,8 @@ static int ssl3_get_server_certificate(SSL *s)
s->session->sess_cert=sc;
sc->cert_chain=sk;
/* Inconsistency alert: cert_chain does include the peer's
* certificate, which we don't include in s3_srvr.c */
x=sk_X509_value(sk,0);
sk=NULL;


@ -1698,6 +1698,8 @@ static int ssl3_get_client_certificate(SSL *s)
if (s->session->sess_cert->cert_chain != NULL)
sk_X509_pop_free(s->session->sess_cert->cert_chain, X509_free);
s->session->sess_cert->cert_chain=sk;
/* Inconsistency alert: cert_chain does *not* include the
* peer's own certificate, while we do include it in s3_clnt.c */
sk=NULL;


@ -599,6 +599,9 @@ STACK_OF(X509) *SSL_get_peer_cert_chain(SSL *s)
else
r=s->session->sess_cert->cert_chain;
/* If we are a client, cert_chain includes the peer's own
* certificate; if we are a server, it does not. */
return(r);
}
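Review bot: The comment added before `return(r);` records that the returned chain differs by role, but it does not tell a caller what follows from that. Code that takes element 0 of the result as the peer's own certificate is right on a client and wrong on a server, where by the new comments the peer's certificate is absent and element 0 is presumably an issuer certificate; an identity or pinning check written that way would compare against the wrong certificate. I would extend the comment with `/* Do not assume element 0 is the peer's certificate; use SSL_get_peer_certificate() for that. */` and carry the same caveat into whatever application-facing documentation covers this function. The comments added in ssl3_get_server_certificate and ssl3_get_client_certificate describe the same inconsistency at the points where the chain is stored and need no further change. The start of SSL_get_peer_cert_chain lies outside this hunk.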