New ctrl values to clear or retrieve extra chain certs from an SSL_CTX.
New function to retrieve compression method from SSL_SESSION structure.
Delete SSL_SESSION_get_id_len and SSL_SESSION_get0_id functions
as they duplicate functionality of SSL_SESSION_get_id. Note: these functions
have never appeared in any release version of OpenSSL.
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 972e792..1b0bdb8 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3609,6 +3609,18 @@
sk_X509_push(ctx->extra_certs,(X509 *)parg);
break;
+ case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
+ *(STACK_OF(X509) **)parg = ctx->extra_certs;
+ break;
+
+ case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
+ if (ctx->extra_certs)
+ {
+ sk_X509_pop_free(ctx->extra_certs, X509_free);
+ ctx->extra_certs = NULL;
+ }
+ break;
+
default:
return(0);
}
diff --git a/ssl/ssl.h b/ssl/ssl.h
index e7b6bc5..e781015 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -1595,6 +1595,9 @@
#define SSL_CTRL_CLEAR_MODE 78
#define SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB 79
+#define SSL_CTRL_GET_EXTRA_CHAIN_CERTS 82
+#define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83
+
#define DTLSv1_get_timeout(ssl, arg) \
SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
#define DTLSv1_handle_timeout(ssl) \
@@ -1631,6 +1634,10 @@
#define SSL_CTX_add_extra_chain_cert(ctx,x509) \
SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)
+#define SSL_CTX_get_extra_chain_cert(ctx,px509) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERT,0,px509)
+#define SSL_CTX_clear_extra_chain_cert(ctx) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERT,0,NULL)
#ifndef OPENSSL_NO_BIO
BIO_METHOD *BIO_f_ssl(void);
@@ -1724,8 +1731,6 @@
long SSL_SESSION_get_timeout(const SSL_SESSION *s);
long SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
void SSL_copy_session_id(SSL *to,const SSL *from);
-unsigned int SSL_SESSION_get_id_len(SSL_SESSION *s);
-const unsigned char *SSL_SESSION_get0_id(SSL_SESSION *s);
X509 *SSL_SESSION_get0_peer(SSL_SESSION *s);
int SSL_SESSION_set1_id_context(SSL_SESSION *s,const unsigned char *sid_ctx,
unsigned int sid_ctx_len);
@@ -1733,6 +1738,7 @@
SSL_SESSION *SSL_SESSION_new(void);
const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s,
unsigned int *len);
+unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s);
#ifndef OPENSSL_NO_FP_API
int SSL_SESSION_print_fp(FILE *fp,const SSL_SESSION *ses);
#endif
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 74e8f7b..05e4fb9 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -231,6 +231,11 @@
return s->session_id;
}
+unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s)
+ {
+ return s->compress_meth;
+ }
+
/* Even with SSLv2, we have 16 bytes (128 bits) of session ID space. SSLv3/TLSv1
* has 32 bytes (256 bits). As such, filling the ID with random gunk repeatedly
* until we have no conflict is going to complete in one iteration pretty much
@@ -862,16 +867,6 @@
return(t);
}
-unsigned int SSL_SESSION_get_id_len(SSL_SESSION *s)
- {
- return s->session_id_length;
- }
-
-const unsigned char *SSL_SESSION_get0_id(SSL_SESSION *s)
- {
- return s->session_id;
- }
-
X509 *SSL_SESSION_get0_peer(SSL_SESSION *s)
{
return s->peer;
