From 83ec5c0d576f6d38ed84b914038e052b525d6828 Mon Sep 17 00:00:00 2001 From: Laszlo Kovacs Date: Wed, 25 Mar 2015 10:50:32 -0400 Subject: [PATCH 13/26] Add SSL_get0_peer_certificate() Add SSL_get0_peer_certificate() function which just returns the pointer to the certificate; SSL_get_peer_certificate() increments the references (cherry picked from commit 10291475b39971cdac733011653af210c33fe992) Conflicts: include/openssl/ssl.h --- include/openssl/ssl.h | 1 + ssl/ssl_lib.c | 18 ++++++++++++++++++ 2 files changed, 19 insertions(+) diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 4968c94..8969c51 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -1564,6 +1564,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, # ifdef HEADER_X509_H __owur X509 *SSL_get_peer_certificate(const SSL *s); +__owur X509 *SSL_get0_peer_certificate(const SSL *s); # endif __owur STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s); diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 643b356..55567f8 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -830,6 +830,24 @@ X509 *SSL_get_peer_certificate(const SSL *s) return (r); } +/* + * Same as SSL_get_peer_certificate() except it doesn't + * increment the ref count of the returned X509* + */ +X509 *SSL_get0_peer_certificate(const SSL *s) +{ + X509 *r = SSL_get_peer_certificate(s); + + /* + * the reference was just incremented, so decrement + * no need for X509_free() overhead + */ + if (r) + CRYPTO_add(&r->references, -1, CRYPTO_LOCK_X509); + + return (r); +} + STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s) { STACK_OF(X509) *r; -- 2.3.2 (Apple Git-55)