提交 98e04f9e 编写于 作者: B Bodo Möller

Comments for SSL_get_peer_cert_chain inconsistency.

上级 6e9aee57
...@@ -772,6 +772,8 @@ static int ssl3_get_server_certificate(SSL *s) ...@@ -772,6 +772,8 @@ static int ssl3_get_server_certificate(SSL *s)
s->session->sess_cert=sc; s->session->sess_cert=sc;
sc->cert_chain=sk; sc->cert_chain=sk;
/* Inconsistency alert: cert_chain does include the peer's
* certificate, which we don't include in s3_srvr.c */
x=sk_X509_value(sk,0); x=sk_X509_value(sk,0);
sk=NULL; sk=NULL;
......
...@@ -1698,6 +1698,8 @@ static int ssl3_get_client_certificate(SSL *s) ...@@ -1698,6 +1698,8 @@ static int ssl3_get_client_certificate(SSL *s)
if (s->session->sess_cert->cert_chain != NULL) if (s->session->sess_cert->cert_chain != NULL)
sk_X509_pop_free(s->session->sess_cert->cert_chain, X509_free); sk_X509_pop_free(s->session->sess_cert->cert_chain, X509_free);
s->session->sess_cert->cert_chain=sk; s->session->sess_cert->cert_chain=sk;
/* Inconsistency alert: cert_chain does *not* include the
* peer's own certificate, while we do include it in s3_clnt.c */
sk=NULL; sk=NULL;
......
...@@ -599,6 +599,9 @@ STACK_OF(X509) *SSL_get_peer_cert_chain(SSL *s) ...@@ -599,6 +599,9 @@ STACK_OF(X509) *SSL_get_peer_cert_chain(SSL *s)
else else
r=s->session->sess_cert->cert_chain; r=s->session->sess_cert->cert_chain;
/* If we are a client, cert_chain includes the peer's own
* certificate; if we are a server, it does not. */
return(r); return(r);
} }
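Review bot: The comment added just before `return(r);` in SSL_get_peer_cert_chain describes a difference that callers can observe, but it sits inside the function body where API users are unlikely to read it. Going by the three comments in this commit, a server-side caller that treats element 0 of the returned stack as the client's own certificate would be looking at the next certificate in the chain. That matters for any pinning, logging or authorization decision built on that element. I would move the wording to a comment above the function, for example `/* Returns the peer's chain: on a client it includes the peer's own certificate, on a server it does not; use SSL_get_peer_certificate() for the peer certificate itself. */`, and repeat it in the public documentation. The two "Inconsistency alert" comments in ssl3_get_server_certificate and ssl3_get_client_certificate could also say which of the two behaviours is intended, so a later cleanup does not silently change what existing callers receive. The function begins above this hunk, so its earlier branches are not visible here.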
......