authorDr. Stephen Henson <steve@openssl.org>2012-06-18 12:56:59 +0000
committerDr. Stephen Henson <steve@openssl.org>2012-06-18 12:56:59 +0000
commita5ee80b910089b8ce3b56d29822f4ded576cce8a (patch)
treef95a10e0315c682cdcb7f06eb429d213a157294d /ssl
parent93ab9e421e4517b81d11ca741d55e6bb6f696c40 (diff)
downloadopenssl-a5ee80b910089b8ce3b56d29822f4ded576cce8a.tar.gz
Make it possible to delete all certificates from an SSL structure.
Diffstat (limited to 'ssl')
-rw-r--r--ssl/ssl.h1
-rw-r--r--ssl/ssl_cert.c62
-rw-r--r--ssl/ssl_lib.c5
-rw-r--r--ssl/ssl_locl.h1
4 files changed, 40 insertions, 29 deletions
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 17bdc5a69c..c7828686bf 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -1922,6 +1922,7 @@ char *SSL_get_srp_username(SSL *s);
char *SSL_get_srp_userinfo(SSL *s);
#endif
+void SSL_certs_clear(SSL *s);
void SSL_free(SSL *ssl);
int SSL_accept(SSL *ssl);
int SSL_connect(SSL *ssl);
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index fcf462d41a..64d6f8ae3f 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -379,21 +379,42 @@ err:
EC_KEY_free(ret->ecdh_tmp);
#endif
- for (i = 0; i < SSL_PKEY_NUM; i++)
- {
- CERT_PKEY *rpk = ret->pkeys + i;
- if (rpk->x509 != NULL)
- X509_free(rpk->x509);
- if (rpk->privatekey != NULL)
- EVP_PKEY_free(rpk->privatekey);
- if (rpk->chain)
- sk_X509_pop_free(rpk->chain, X509_free);
- }
-
+ ssl_cert_clear_certs(ret);
return NULL;
}
+/* Free up and clear all certificates and chains */
+
+void ssl_cert_clear_certs(CERT *c)
+ {
+ int i;
+ if (c == NULL)
+ return;
+ for (i = 0; i<SSL_PKEY_NUM; i++)
+ {
+ CERT_PKEY *cpk = c->pkeys + i;
+ if (cpk->x509)
+ {
+ X509_free(cpk->x509);
+ cpk->x509 = NULL;
+ }
+ if (cpk->privatekey)
+ {
+ EVP_PKEY_free(cpk->privatekey);
+ cpk->privatekey = NULL;
+ }
+ if (cpk->chain)
+ {
+ sk_X509_pop_free(cpk->chain, X509_free);
+ cpk->chain = NULL;
+ }
+#ifndef OPENSSL_NO_TLSEXT
+ if (cpk->authz != NULL)
+ OPENSSL_free(cpk->authz);
+#endif
+ }
+ }
void ssl_cert_free(CERT *c)
{
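Review bot: In ssl_cert_clear_certs the `authz` buffer is released with `OPENSSL_free(cpk->authz);` but the pointer is left in place, while the x509, privatekey and chain branches just above each reset their pointer to NULL after freeing. Because this function is now reachable on a live CERT through the new SSL_certs_clear, not only from the dup error path and ssl_cert_free, a stale `authz` pointer survives the call and a later ssl_cert_free (or a second clear) would free it again. Change the branch to `{ OPENSSL_free(cpk->authz); cpk->authz = NULL; }`, and if the struct carries a companion length field for authz (not visible in this hunk) reset that too so the slot reads as empty. The same freeing logic removed from ssl_cert_free in the next hunk is covered by this fix.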
@@ -425,24 +446,7 @@ void ssl_cert_free(CERT *c)
if (c->ecdh_tmp) EC_KEY_free(c->ecdh_tmp);
#endif
- for (i=0; i<SSL_PKEY_NUM; i++)
- {
- CERT_PKEY *cpk = c->pkeys + i;
- if (cpk->x509 != NULL)
- X509_free(cpk->x509);
- if (cpk->privatekey != NULL)
- EVP_PKEY_free(cpk->privatekey);
- if (cpk->chain)
- sk_X509_pop_free(cpk->chain, X509_free);
-#if 0
- if (c->pkeys[i].publickey != NULL)
- EVP_PKEY_free(c->pkeys[i].publickey);
-#endif
-#ifndef OPENSSL_NO_TLSEXT
- if (c->pkeys[i].authz != NULL)
- OPENSSL_free(c->pkeys[i].authz);
-#endif
- }
+ ssl_cert_clear_certs(c);
if (c->sigalgs)
OPENSSL_free(c->sigalgs);
OPENSSL_free(c);
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index dc9a8665bc..c291ee274c 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -525,6 +525,11 @@ int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
return X509_VERIFY_PARAM_set1(ssl->param, vpm);
}
+void SSL_certs_clear(SSL *s)
+ {
+ ssl_cert_clear_certs(s->cert);
+ }
+
void SSL_free(SSL *s)
{
int i;
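Review bot: SSL_certs_clear is a new public entry point with no comment stating what it leaves behind, which matters for callers that intend to load fresh certificates afterwards. From the called ssl_cert_clear_certs, the CERT object itself is kept and only the per-slot certificate, private key, chain and authz data are freed, so a comment such as `/* Free every certificate, private key and chain held by s; s->cert stays allocated so new ones can be set. */` would capture the contract. The function dereferences s without a check, in line with the neighbouring SSL_* functions, and ssl_cert_clear_certs already tolerates a NULL s->cert.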
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 872bce6601..622648f72e 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -831,6 +831,7 @@ int ssl_clear_bad_session(SSL *s);
CERT *ssl_cert_new(void);
CERT *ssl_cert_dup(CERT *cert);
int ssl_cert_inst(CERT **o);
+void ssl_cert_clear_certs(CERT *c);
void ssl_cert_free(CERT *c);
SESS_CERT *ssl_sess_cert_new(void);
void ssl_sess_cert_free(SESS_CERT *sc);