Make it possible to delete all certificates from an SSL structure.
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 17bdc5a..c782868 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -1922,6 +1922,7 @@
 char *SSL_get_srp_userinfo(SSL *s);
 #endif
+void SSL_certs_clear(SSL *s);
 void SSL_free(SSL *ssl);
 int SSL_accept(SSL *ssl);
 int SSL_connect(SSL *ssl);
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index fcf462d..64d6f8a 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -379,21 +379,42 @@
 EC_KEY_free(ret->ecdh_tmp);
 #endif
- for (i = 0; i < SSL_PKEY_NUM; i++)
- {
- CERT_PKEY *rpk = ret->pkeys + i;
- if (rpk->x509 != NULL)
- X509_free(rpk->x509);
- if (rpk->privatekey != NULL)
- EVP_PKEY_free(rpk->privatekey);
- if (rpk->chain)
- sk_X509_pop_free(rpk->chain, X509_free);
- }
-
+ ssl_cert_clear_certs(ret);
 return NULL;
 }
+/* Free up and clear all certificates and chains */
+
+void ssl_cert_clear_certs(CERT *c)
+ {
+ int i;
+ if (c == NULL)
+ return;
+ for (i = 0; i<SSL_PKEY_NUM; i++)
+ {
+ CERT_PKEY *cpk = c->pkeys + i;
+ if (cpk->x509)
+ {
+ X509_free(cpk->x509);
+ cpk->x509 = NULL;
+ }
+ if (cpk->privatekey)
+ {
+ EVP_PKEY_free(cpk->privatekey);
+ cpk->privatekey = NULL;
+ }
+ if (cpk->chain)
+ {
+ sk_X509_pop_free(cpk->chain, X509_free);
+ cpk->chain = NULL;
+ }
+#ifndef OPENSSL_NO_TLSEXT
+ if (cpk->authz != NULL)
+ OPENSSL_free(cpk->authz);
+#endif
+ }
+ }
 void ssl_cert_free(CERT *c)
 {
@@ -425,24 +446,7 @@
 if (c->ecdh_tmp) EC_KEY_free(c->ecdh_tmp);
 #endif
- for (i=0; i<SSL_PKEY_NUM; i++)
- {
- CERT_PKEY *cpk = c->pkeys + i;
- if (cpk->x509 != NULL)
- X509_free(cpk->x509);
- if (cpk->privatekey != NULL)
- EVP_PKEY_free(cpk->privatekey);
- if (cpk->chain)
- sk_X509_pop_free(cpk->chain, X509_free);
-#if 0
- if (c->pkeys[i].publickey != NULL)
- EVP_PKEY_free(c->pkeys[i].publickey);
-#endif
-#ifndef OPENSSL_NO_TLSEXT
- if (c->pkeys[i].authz != NULL)
- OPENSSL_free(c->pkeys[i].authz);
-#endif
- }
+ ssl_cert_clear_certs(c);
 if (c->sigalgs) OPENSSL_free(c->sigalgs);
 OPENSSL_free(c);
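Review bot: In `ssl_cert_clear_certs()` the `authz` buffer is freed but its pointer is left in place, unlike `x509`, `privatekey` and `chain`, which are each reset to NULL after being released. Because this helper now backs both the public `SSL_certs_clear()` and `ssl_cert_free()`, clearing a handle and later freeing it (or clearing it twice) would hand the same `authz` pointer to `OPENSSL_free()` a second time. The branch should read `if (cpk->authz != NULL) { OPENSSL_free(cpk->authz); cpk->authz = NULL; }`, and any length stored alongside `authz` (not visible in this hunk) should be zeroed at the same point.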
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index dc9a866..c291ee2 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -525,6 +525,11 @@
 return X509_VERIFY_PARAM_set1(ssl->param, vpm);
 }
+void SSL_certs_clear(SSL *s)
+ {
+ ssl_cert_clear_certs(s->cert);
+ }
+
 void SSL_free(SSL *s)
 {
 int i;
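Review bot: `SSL_certs_clear()` dereferences `s` before any check, so a NULL handle faults here even though the helper it calls tolerates a NULL `CERT`; adding `if (s == NULL) return;` ahead of the `ssl_cert_clear_certs(s->cert);` line would keep the two layers consistent. The new public function also has no comment, and callers need to know it releases private keys and chains as well as the certificates, for example `/* Free every certificate, private key and chain held in s->cert */`.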
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 872bce6..622648f 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -831,6 +831,7 @@
 CERT *ssl_cert_new(void);
 CERT *ssl_cert_dup(CERT *cert);
 int ssl_cert_inst(CERT **o);
+void ssl_cert_clear_certs(CERT *c);
 void ssl_cert_free(CERT *c);
 SESS_CERT *ssl_sess_cert_new(void);
 void ssl_sess_cert_free(SESS_CERT *sc);