author | Lutz Jänicke <jaenicke@openssl.org> | 2001-09-11 13:08:51 +0000 |
---|---|---|
committer | Lutz Jänicke <jaenicke@openssl.org> | 2001-09-11 13:08:51 +0000 |
commit | c0f5dd070b7fa701b0d72e909206bffd4b7031dc (patch) | |
tree | 8ef1b563b58c37398ce1ff1707b5e531f654793a /ssl/ssl_lib.c | |
parent | 9d7a8d3578af0728855803ef119be6ca2c79b2a5 (diff) | |
Make maximum certificate chain size accepted from the peer application
settable (proposed by "Douglas E. Engert" <deengert@anl.gov>).
Diffstat (limited to 'ssl/ssl_lib.c')
-rw-r--r-- | ssl/ssl_lib.c | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 8aec403..89c3c2d 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -234,6 +234,7 @@ SSL *SSL_new(SSL_CTX *ctx) s->server=(ctx->method->ssl_accept == ssl_undefined_function)?0:1; s->options=ctx->options; s->mode=ctx->mode; + s->max_cert_list=ctx->max_cert_list; s->read_ahead=ctx->read_ahead; /* used to happen in SSL_clear */ SSL_clear(s); @@ -851,6 +852,12 @@ long SSL_ctrl(SSL *s,int cmd,long larg,char *parg) return(s->options|=larg); case SSL_CTRL_MODE: return(s->mode|=larg); + case SSL_CTRL_GET_MAX_CERT_LIST: + return(s->max_cert_list); + case SSL_CTRL_SET_MAX_CERT_LIST: + l=s->max_cert_list; + s->max_cert_list=larg; + return(l); default: return(s->method->ssl_ctrl(s,cmd,larg,parg)); } @@ -882,6 +889,12 @@ long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd,long larg,char *parg) l=ctx->read_ahead; ctx->read_ahead=larg; return(l); + case SSL_CTRL_GET_MAX_CERT_LIST: + return(ctx->max_cert_list); + case SSL_CTRL_SET_MAX_CERT_LIST: + l=ctx->max_cert_list; + ctx->max_cert_list=larg; + return(l); case SSL_CTRL_SET_SESS_CACHE_SIZE: l=ctx->session_cache_size; @@ -1221,6 +1234,7 @@ SSL_CTX *SSL_CTX_new(SSL_METHOD *meth) ret->app_verify_callback=NULL; ret->app_verify_arg=NULL; + ret->max_cert_list=SSL_MAX_CERT_LIST_DEFAULT; ret->read_ahead=0; ret->verify_mode=SSL_VERIFY_NONE; ret->verify_depth=-1; /* Don't impose a limit (but x509_lu.c does) */ @@ -1790,6 +1804,7 @@ SSL *SSL_dup(SSL *s) s->sid_ctx, s->sid_ctx_length); } + SSL_set_max_cert_list(ret,SSL_get_max_cert_list(s)); SSL_set_read_ahead(ret,SSL_get_read_ahead(s)); SSL_set_verify(ret,SSL_get_verify_mode(s), SSL_get_verify_callback(s)); |
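Review bot: The `SSL_CTRL_SET_MAX_CERT_LIST` case added to SSL_ctrl assigns `larg` to `s->max_cert_list` with no range check, so an application bug or a mis-parsed configuration value can install a negative or effectively unbounded limit on the one setting meant to cap what the peer may send. The field's declaration and the comparison that enforces it are outside this diff, so the exact effect is not visible here; a negative value would presumably either reject every chain or, if it is converted to an unsigned size, remove the cap, and a field narrower than `long` would also truncate. I would refuse the value before the assignment, e.g. `if (larg < 0) return(0);` placed ahead of `l=s->max_cert_list;`. The identical case added to SSL_CTX_ctrl in the third hunk needs the same guard on `ctx->max_cert_list`. Both switch statements begin and end outside their hunks.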
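Review bot: The default assigned in SSL_CTX_new, `ret->max_cert_list=SSL_MAX_CERT_LIST_DEFAULT;`, has no comment saying what the value bounds or in which unit, although the neighbouring `verify_depth` line does explain its setting. For applications that never call the setter this default is the only limit on the certificate chain accepted from the peer, so I would add a short comment such as `/* upper bound on the certificate chain accepted from the peer */`. SSL_MAX_CERT_LIST_DEFAULT is defined outside this diff, so the unit (presumably bytes) should be confirmed against its definition and stated there as well. SSL_CTX_new's body continues outside the hunk.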