No actual change, but the cert_st member of struct ssl_session_st is now
called sess_cert instead of just cert. This is in preparation for further
changes: in many of the places where s->session->sess_cert is used, we
should probably use s->cert instead; s->session->sess_cert should be a new structure
containing only the stuff that is for just one connection (e.g.
the peer's certificate, which the SSL client implementations currently
store in s->session->[sess_]cert, which is a very confusing thing to do).
Submitted by:
Reviewed by:
PR:
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index e0871c4..98c1f18 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -767,8 +767,8 @@
c=ssl_cert_new();
if (c == NULL) goto err;
- if (s->session->cert) ssl_cert_free(s->session->cert);
- s->session->cert=c;
+ if (s->session->sess_cert) ssl_cert_free(s->session->sess_cert);
+ s->session->sess_cert=c;
c->cert_chain=sk;
x=sk_X509_value(sk,0);
@@ -854,26 +854,26 @@
param=p=(unsigned char *)s->init_buf->data;
- if (s->session->cert != NULL)
+ if (s->session->sess_cert != NULL)
{
#ifndef NO_RSA
- if (s->session->cert->rsa_tmp != NULL)
+ if (s->session->sess_cert->rsa_tmp != NULL)
{
- RSA_free(s->session->cert->rsa_tmp);
- s->session->cert->rsa_tmp=NULL;
+ RSA_free(s->session->sess_cert->rsa_tmp);
+ s->session->sess_cert->rsa_tmp=NULL;
}
#endif
#ifndef NO_DH
- if (s->session->cert->dh_tmp)
+ if (s->session->sess_cert->dh_tmp)
{
- DH_free(s->session->cert->dh_tmp);
- s->session->cert->dh_tmp=NULL;
+ DH_free(s->session->sess_cert->dh_tmp);
+ s->session->sess_cert->dh_tmp=NULL;
}
#endif
}
else
{
- s->session->cert=ssl_cert_new();
+ s->session->sess_cert=ssl_cert_new();
}
param_len=0;
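Review bot: The else-branch `s->session->sess_cert=ssl_cert_new();` stores the allocation result without checking it, unlike the `if (c == NULL) goto err;` pattern used in the first hunk. The later hunks (at -918 and -987) read `s->session->sess_cert->pkeys[...]` and write `->rsa_tmp` / `->dh_tmp` unconditionally, so a failed allocation would turn into a NULL dereference while the client is parsing a server-supplied message. Assuming those hunks belong to the same function and its `err` label is reachable from here, something like `if ((s->session->sess_cert=ssl_cert_new()) == NULL) goto err;` would close the gap. The enclosing function starts and ends outside this hunk.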
@@ -918,16 +918,15 @@
p+=i;
n-=param_len;
-/* s->session->cert->rsa_tmp=rsa;*/
/* this should be because we are using an export cipher */
if (alg & SSL_aRSA)
- pkey=X509_get_pubkey(s->session->cert->pkeys[SSL_PKEY_RSA_ENC].x509);
+ pkey=X509_get_pubkey(s->session->sess_cert->pkeys[SSL_PKEY_RSA_ENC].x509);
else
{
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_INTERNAL_ERROR);
goto err;
}
- s->session->cert->rsa_tmp=rsa;
+ s->session->sess_cert->rsa_tmp=rsa;
}
else
#endif
@@ -987,16 +986,16 @@
#ifndef NO_RSA
if (alg & SSL_aRSA)
- pkey=X509_get_pubkey(s->session->cert->pkeys[SSL_PKEY_RSA_ENC].x509);
+ pkey=X509_get_pubkey(s->session->sess_cert->pkeys[SSL_PKEY_RSA_ENC].x509);
else
#endif
#ifndef NO_DSA
if (alg & SSL_aDSS)
- pkey=X509_get_pubkey(s->session->cert->pkeys[SSL_PKEY_DSA_SIGN].x509);
+ pkey=X509_get_pubkey(s->session->sess_cert->pkeys[SSL_PKEY_DSA_SIGN].x509);
#endif
/* else anonymous DH, so no certificate or pkey. */
- s->session->cert->dh_tmp=dh;
+ s->session->sess_cert->dh_tmp=dh;
dh=NULL;
}
else if ((alg & SSL_kDHr) || (alg & SSL_kDHd))
@@ -1312,11 +1311,11 @@
RSA *rsa;
unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
- if (s->session->cert->rsa_tmp != NULL)
- rsa=s->session->cert->rsa_tmp;
+ if (s->session->sess_cert->rsa_tmp != NULL)
+ rsa=s->session->sess_cert->rsa_tmp;
else
{
- pkey=X509_get_pubkey(s->session->cert->pkeys[SSL_PKEY_RSA_ENC].x509);
+ pkey=X509_get_pubkey(s->session->sess_cert->pkeys[SSL_PKEY_RSA_ENC].x509);
if ((pkey == NULL) ||
(pkey->type != EVP_PKEY_RSA) ||
(pkey->pkey.rsa == NULL))
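Review bot: `s->session->sess_cert->rsa_tmp` is dereferenced here with no visible check that `sess_cert` itself is non-NULL, although the hunk at -1606 does test `c == NULL` for the same pointer. If no guard exists earlier in the function (not visible from this hunk), a handshake in which the server's messages never populated `sess_cert` would reach a NULL dereference on the client. The `dh_tmp` read in the following hunk (-1369) has the same shape. Consider failing the handshake with an internal error before either branch when `s->session->sess_cert == NULL`. The enclosing function starts and ends outside the hunk.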
@@ -1369,8 +1368,8 @@
{
DH *dh_srvr,*dh_clnt;
- if (s->session->cert->dh_tmp != NULL)
- dh_srvr=s->session->cert->dh_tmp;
+ if (s->session->sess_cert->dh_tmp != NULL)
+ dh_srvr=s->session->sess_cert->dh_tmp;
else
{
/* we get them from the cert */
@@ -1606,7 +1605,7 @@
DH *dh;
#endif
- c=s->session->cert;
+ c=s->session->sess_cert;
if (c == NULL)
{
@@ -1621,10 +1620,10 @@
return(1);
#ifndef NO_RSA
- rsa=s->session->cert->rsa_tmp;
+ rsa=s->session->sess_cert->rsa_tmp;
#endif
#ifndef NO_DH
- dh=s->session->cert->dh_tmp;
+ dh=s->session->sess_cert->dh_tmp;
#endif
/* This is the passed certificate */