提交 9de014a7 编写于 作者: D Dr. Stephen Henson

Update from 0.9.8-stable

上级 4f761f59
......@@ -808,6 +808,10 @@
Changes between 0.9.8k and 0.9.8l [xx XXX xxxx]
*) Add compression id to {d2i,i2d}_SSL_SESSION so it is correctly saved
and restored.
[Steve Henson]
*) Fix the server certificate chain building code to use X509_verify_cert(),
it used to have an ad-hoc builder which was unable to cope with anything
other than a simple chain.
......
......@@ -94,6 +94,7 @@ typedef struct ssl_session_asn1_st
ASN1_INTEGER version;
ASN1_INTEGER ssl_version;
ASN1_OCTET_STRING cipher;
ASN1_OCTET_STRING comp_id;
ASN1_OCTET_STRING master_key;
ASN1_OCTET_STRING session_id;
ASN1_OCTET_STRING session_id_context;
......@@ -119,11 +120,14 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
{
#define LSIZE2 (sizeof(long)*2)
int v1=0,v2=0,v3=0,v4=0,v5=0,v7=0,v8=0;
unsigned char buf[4],ibuf1[LSIZE2],ibuf2[LSIZE2];
unsigned char buf[4],ibuf1[LSIZE2],ibuf2[LSIZE2], cbuf;
unsigned char ibuf3[LSIZE2],ibuf4[LSIZE2],ibuf5[LSIZE2];
#ifndef OPENSSL_NO_TLSEXT
int v6=0,v9=0,v10=0;
unsigned char ibuf6[LSIZE2];
#endif
#ifndef OPENSSL_NO_COMP
int v11=0;
#endif
long l;
SSL_SESSION_ASN1 a;
......@@ -168,6 +172,16 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
buf[1]=((unsigned char)(l ))&0xff;
}
#ifndef OPENSSL_NO_COMP
if (in->compress_meth)
{
cbuf = (unsigned char)in->compress_meth;
a.comp_id.length = 1;
a.comp_id.type = V_ASN1_OCTET_STRING;
a.comp_id.data = &cbuf;
}
#endif
a.master_key.length=in->master_key_length;
a.master_key.type=V_ASN1_OCTET_STRING;
a.master_key.data=in->master_key;
......@@ -287,6 +301,10 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
M_ASN1_I2D_len_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING,10,v10);
if (in->tlsext_hostname)
M_ASN1_I2D_len_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING,6,v6);
#ifndef OPENSSL_NO_COMP
if (in->compress_meth)
M_ASN1_I2D_len_EXP_opt(&(a.comp_id), i2d_ASN1_OCTET_STRING,11,v11);
#endif
#endif /* OPENSSL_NO_TLSEXT */
#ifndef OPENSSL_NO_PSK
if (in->psk_identity_hint)
......@@ -334,6 +352,10 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
if (in->tlsext_tick)
M_ASN1_I2D_put_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING,10,v10);
#endif /* OPENSSL_NO_TLSEXT */
#ifndef OPENSSL_NO_COMP
if (in->compress_meth)
M_ASN1_I2D_put_EXP_opt(&(a.comp_id), i2d_ASN1_OCTET_STRING,11,v11);
#endif
M_ASN1_I2D_finish();
}
......@@ -573,6 +595,17 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
else
ret->tlsext_tick=NULL;
#endif /* OPENSSL_NO_TLSEXT */
#ifndef OPENSSL_NO_COMP
os.length=0;
os.data=NULL;
M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,11);
if (os.data)
{
ret->compress_meth = os.data[0];
OPENSSL_free(os.data);
os.data = NULL;
}
#endif
M_ASN1_D2I_Finish(a,SSL_SESSION_free,SSL_F_D2I_SSL_SESSION);
}
......@@ -211,11 +211,11 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
ssl_cipher_get_evp(x,NULL,NULL,NULL,NULL,&comp);
if (comp == NULL)
{
if (BIO_printf(bp,"\n Compression: %d",x->compress_meth) <= 0) goto err;
if (BIO_printf(bp,"\n Compression: %d",x->compress_meth) <= 0) goto err;
}
else
{
if (BIO_printf(bp,"\n Compression: %d (%s)", comp->id,comp->method->name) <= 0) goto err;
if (BIO_printf(bp,"\n Compression: %d (%s)", comp->id,comp->method->name) <= 0) goto err;
}
}
#endif
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册