diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2015-09-14 17:58:04 +0100 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2015-09-14 19:52:27 +0100 |
| commit | df6da24bda457b724ba3e894e6c329a9b93d536f (patch) | |
| tree | 3296a79122416d0d6dd31c6268ad6c92ba2fa2f1 /ssl/ssl_cert.c | |
| parent | aabd49232025807babe995006a46c4c7815ce868 (diff) | |
| download | openssl-df6da24bda457b724ba3e894e6c329a9b93d536f.zip openssl-df6da24bda457b724ba3e894e6c329a9b93d536f.tar.gz openssl-df6da24bda457b724ba3e894e6c329a9b93d536f.tar.bz2 | |
Fix PSK identity hint handling.
For server use a PSK identity hint value in the CERT structure which
is inherited when SSL_new is called and which allows applications to
set hints on a per-SSL basis. The previous version of
SSL_use_psk_identity_hint tried (wrongly) to use the SSL_SESSION structure.
PR#4039
Reviewed-by: Matt Caswell <matt@openssl.org>
Diffstat (limited to 'ssl/ssl_cert.c')
| -rw-r--r-- | ssl/ssl_cert.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index 555b1d7..05a4447 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -334,6 +334,12 @@ CERT *ssl_cert_dup(CERT *cert) if (!custom_exts_copy(&ret->srv_ext, &cert->srv_ext)) goto err; + if (cert->psk_identity_hint) { + ret->psk_identity_hint = BUF_strdup(cert->psk_identity_hint); + if (ret->psk_identity_hint == NULL) + goto err; + } + return (ret); err: @@ -402,6 +408,9 @@ void ssl_cert_free(CERT *c) X509_STORE_free(c->chain_store); custom_exts_free(&c->cli_ext); custom_exts_free(&c->srv_ext); +#ifndef OPENSSL_NO_PSK + OPENSSL_free(c->psk_identity_hint); +#endif OPENSSL_free(c); } |