New structure type SESS_CERT used instead of CERT inside SSL_SESSION.
While modifying the sources, I found some inconsistencies on the use of
s->cert vs. s->session->sess_cert; I don't know if those could
really have caused problems, but possibly this is a proper bug-fix
and not just a clean-up.
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index fa48f0e..b063be2 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -275,18 +275,31 @@
CERT_PKEY pkeys[SSL_PKEY_NUM];
- STACK_OF(X509) *cert_chain; /* XXX should only exist in sess_cert_st */
-
int references; /* >1 only if SSL_copy_session_id is used */
} CERT;
-#if 0 /* XXX not yet */
typedef struct sess_cert_st
-{
- /* anything that we want to keep per session */
-} SESS_CERT;
+ {
+ STACK_OF(X509) *cert_chain; /* as received from peer (not for SSL2) */
+
+ /* The 'peer_...' members are used only by clients. */
+ int peer_cert_type;
+
+ CERT_PKEY *peer_key; /* points to an element of peer_pkeys (never NULL!) */
+ CERT_PKEY peer_pkeys[SSL_PKEY_NUM];
+ /* Obviously we don't have the private keys of these,
+ * so maybe we shouldn't even use the CERT_PKEY type here. */
+
+#ifndef NO_RSA
+ RSA *peer_rsa_tmp; /* not used for SSL 2 */
#endif
+#ifndef NO_DH
+ DH *peer_dh_tmp; /* not used for SSL 2 */
+#endif
+
+ int references; /* actually always 1 at the moment */
+ } SESS_CERT;
/*#define MAC_DEBUG */
@@ -353,13 +366,11 @@
int ssl_clear_bad_session(SSL *s);
CERT *ssl_cert_new(void);
CERT *ssl_cert_dup(CERT *cert);
-#if 1
int ssl_cert_inst(CERT **o);
-#else
-int ssl_cert_instantiate(CERT **o, CERT *d);
-#endif
void ssl_cert_free(CERT *c);
-int ssl_set_cert_type(CERT *c, int type);
+SESS_CERT *ssl_sess_cert_new(void);
+void ssl_sess_cert_free(SESS_CERT *sc);
+int ssl_set_peer_cert_type(SESS_CERT *c, int type);
int ssl_get_new_session(SSL *s, int session);
int ssl_get_prev_session(SSL *s, unsigned char *session,int len);
int ssl_cipher_id_cmp(SSL_CIPHER *a,SSL_CIPHER *b);
