CVSROOT:        /cvs
Module name:    src
Changes by:     js...@cvs.openbsd.org   2022/08/17 01:39:19

Modified files:
        lib/libssl     : Makefile s3_lib.c ssl_clnt.c ssl_lib.c 
                         ssl_locl.h ssl_sess.c ssl_srvr.c tls13_client.c 
                         tls13_server.c 
Added files:
        lib/libssl     : tls_lib.c 

Log message:
Deduplicate peer certificate chain processing code.

Rather than reimplement this in each TLS client and server, deduplicate it
into a single function. Furthermore, rather than dealing with the API
hazard that is SSL_get_peer_cert_chain() in this code, simply produce two
chains - one that has the leaf and one that does not.
SSL_get_peer_cert_chain() can then return the appropriate one.

This also moves the peer cert chain from the SSL_SESSION to the
SSL_HANDSHAKE, which makes more sense since it is not available on
resumption.

ok tb@
