Fix PSK identity hint handling. For server use a PSK identity hint value in the CERT structure which is inherited when SSL_new is called and which allows applications to set hints on a per-SSL basis. The previous version of SSL_use_psk_identity_hint tried (wrongly) to use the SSL_SESSION structure. PR#4039 Reviewed-by: Matt Caswell <matt@openssl.org>

commit: df6da24bda457b724ba3e894e6c329a9b93d536f [log] [tgz]
author: Dr. Stephen Henson <steve@openssl.org> Mon Sep 14 17:58:04 2015 +0100
committer: Dr. Stephen Henson <steve@openssl.org> Mon Sep 14 19:52:27 2015 +0100
tree: 3296a79122416d0d6dd31c6268ad6c92ba2fa2f1
parent: aabd49232025807babe995006a46c4c7815ce868 [diff] [blame]
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 555b1d7..05a4447 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c

@@ -334,6 +334,12 @@
     if (!custom_exts_copy(&ret->srv_ext, &cert->srv_ext))
         goto err;
 
+    if (cert->psk_identity_hint) {
+        ret->psk_identity_hint = BUF_strdup(cert->psk_identity_hint);
+        if (ret->psk_identity_hint == NULL)
+            goto err;
+    }
+
     return (ret);
 
  err:
@@ -402,6 +408,9 @@
     X509_STORE_free(c->chain_store);
     custom_exts_free(&c->cli_ext);
     custom_exts_free(&c->srv_ext);
+#ifndef OPENSSL_NO_PSK
+    OPENSSL_free(c->psk_identity_hint);
+#endif
     OPENSSL_free(c);
 }
commit	df6da24bda457b724ba3e894e6c329a9b93d536f	[log] [tgz]
author	Dr. Stephen Henson <steve@openssl.org>	Mon Sep 14 17:58:04 2015 +0100
committer	Dr. Stephen Henson <steve@openssl.org>	Mon Sep 14 19:52:27 2015 +0100
tree	3296a79122416d0d6dd31c6268ad6c92ba2fa2f1
parent	aabd49232025807babe995006a46c4c7815ce868 [diff] [blame]