author | Dr. Stephen Henson <steve@openssl.org> | 2017-02-23 22:12:28 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2017-02-24 01:23:38 +0000 |
commit | 75c13e7830653eee4b61dd96ceea7c446c381316 (patch) | |
tree | 8a1286af7062eab979806846bddf3dfb2dd07e9e /ssl/t1_lib.c | |
parent | 8fce04ee3540ba3039bb66df34ea3f076a599ab9 (diff) | |
Tidy up certificate type handling.
The certificate types used to be held in a fixed length array or (if
it was too long) a malloced buffer. This was done to retain binary
compatibility. The code can be simplified now SSL is opaque by always
using a malloced buffer.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2733)
Diffstat (limited to 'ssl/t1_lib.c')
-rw-r--r-- | ssl/t1_lib.c | 19 |
1 files changed, 7 insertions, 12 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index f13c0ad..8b31e84 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -2009,25 +2009,20 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain, break; } if (check_type) { - const unsigned char *ctypes; - int ctypelen; - if (c->ctypes) { - ctypes = c->ctypes; - ctypelen = (int)c->ctype_num; - } else { - ctypes = (unsigned char *)s->s3->tmp.ctype; - ctypelen = s->s3->tmp.ctype_num; - } - for (i = 0; i < ctypelen; i++) { - if (ctypes[i] == check_type) { + const uint8_t *ctypes = s->s3->tmp.ctype; + size_t j; + + for (j = 0; j < s->s3->tmp.ctype_len; j++, ctypes++) { + if (*ctypes == check_type) { rv |= CERT_PKEY_CERT_TYPE; break; } } if (!(rv & CERT_PKEY_CERT_TYPE) && !check_flags) goto end; - } else + } else { rv |= CERT_PKEY_CERT_TYPE; + } ca_dn = s->s3->tmp.ca_names; |
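Review bot: In the if (check_type) block of tls1_check_chain(), the removed c->ctypes branch means the loop now consults only s->s3->tmp.ctype, and nothing in this file's diff shows where a certificate type list configured on c is still honoured. Please confirm (and ideally note in a comment here) that the configured list is copied into s->s3->tmp.ctype before this check runs, otherwise a locally set list would be silently ignored. The new loop also depends on s->s3->tmp.ctype_len being 0 whenever s->s3->tmp.ctype is NULL, now that the buffer is always malloced; a one-line comment stating that invariant, or an explicit NULL guard before the for loop, would make the dereference of *ctypes obviously safe. The move from int to size_t for the index is a good change, since it removes the (int) cast on the length.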