Add SSL_get0_verified_chain() to return verified chain of peer Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

commit: 696178edff89f8df0382af0edbd0f723790a86cc [log] [tgz]
author: Dr. Stephen Henson <steve@openssl.org> Sat Feb 06 03:17:23 2016 +0000
committer: Dr. Stephen Henson <steve@openssl.org> Sat Feb 06 18:18:28 2016 +0000
tree: 78902d2aab053ab4df3d4b56db74cc07d8f289af
parent: f3ac50038df0e0739d3bc3da11fdce0dc2939e22 [diff] [blame]
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 2aaf99c..68c8924 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c

@@ -541,6 +541,15 @@
     }
 
     s->verify_result = ctx.error;
+    sk_X509_pop_free(s->verified_chain, X509_free);
+    s->verified_chain = NULL;
+    if (X509_STORE_CTX_get_chain(&ctx) != NULL) {
+        s->verified_chain = X509_STORE_CTX_get1_chain(&ctx);
+        if (s->verified_chain == NULL) {
+            SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN, ERR_R_MALLOC_FAILURE);
+            i = 0;
+        }
+    }
 
     /* Move peername from the store context params to the SSL handle's */
     X509_VERIFY_PARAM_move_peername(s->param, param);
commit	696178edff89f8df0382af0edbd0f723790a86cc	[log] [tgz]
author	Dr. Stephen Henson <steve@openssl.org>	Sat Feb 06 03:17:23 2016 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	Sat Feb 06 18:18:28 2016 +0000
tree	78902d2aab053ab4df3d4b56db74cc07d8f289af
parent	f3ac50038df0e0739d3bc3da11fdce0dc2939e22 [diff] [blame]