author | Dr. Stephen Henson <steve@openssl.org> | 2011-05-11 13:37:52 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2011-05-11 13:37:52 +0000 |
commit | 9472baae0d17ddf425f891a3154057356217af08 (patch) | |
tree | 8ceed735328184e381c811fe0913264f1327fea1 /ssl/ssl_cert.c | |
parent | ae17b9ecd5d243c93b071c6be309b4f230a1aa52 (diff) | |
download | openssl-new-9472baae0d17ddf425f891a3154057356217af08.tar.gz |
Backport TLS v1.2 support from HEAD.
This includes TLS v1.2 server and client support but at present
client certificate support is not implemented.
Diffstat (limited to 'ssl/ssl_cert.c')
-rw-r--r-- | ssl/ssl_cert.c | 21 |
1 files changed, 20 insertions, 1 deletions
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 27256eea81..917be31876 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -160,6 +160,21 @@ int SSL_get_ex_data_X509_STORE_CTX_idx(void)
 return ssl_x509_store_ctx_idx;
 }
+static void ssl_cert_set_default_md(CERT *cert)
+ {
+ /* Set digest values to defaults */
+#ifndef OPENSSL_NO_DSA
+ cert->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_dss1();
+#endif
+#ifndef OPENSSL_NO_RSA
+ cert->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1();
+ cert->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1();
+#endif
+#ifndef OPENSSL_NO_ECDSA
+ cert->pkeys[SSL_PKEY_ECC].digest = EVP_ecdsa();
+#endif
+ }
+
 CERT *ssl_cert_new(void)
 {
 CERT *ret;
@@ -174,7 +189,7 @@ CERT *ssl_cert_new(void)
 ret->key= &(ret->pkeys[SSL_PKEY_RSA_ENC]);
 ret->references=1;
-
+ ssl_cert_set_default_md(ret);
 return(ret);
 }
@@ -307,6 +322,10 @@ CERT *ssl_cert_dup(CERT *cert)
 * chain is held inside SSL_CTX */
 ret->references=1;
+ /* Set digests to defaults. NB: we don't copy existing values as they
+ * will be set during handshake.
+ */
+ ssl_cert_set_default_md(ret);
 return(ret); |
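Review bot: The comment in `ssl_cert_set_default_md` says only "defaults" and does not record that all four values are SHA-1 based (`EVP_dss1()`, `EVP_sha1()`, `EVP_ecdsa()`), nor why. These match the RFC 5246 fallback for a peer that sends no signature_algorithms extension, so the comment should say so, for example `/* SHA-1 defaults per RFC 5246 7.4.1.4.1; replaced once the peer's signature algorithms are processed */`. Without that, a later reader cannot tell that a connection still on these values is signing with SHA-1. Only the DSA_SIGN, RSA_SIGN, RSA_ENC and ECC slots are written here; whether consumers tolerate an unset `digest` in the remaining `pkeys[]` entries is not visible from this hunk and is worth confirming.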
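Review bot: In the `ssl_cert_dup` hunk, resetting the digests instead of copying them is safe only if every duplication happens before the peer's signature algorithms are processed, and the new comment asserts that without stating it as an invariant. If a `CERT` can be duplicated after negotiation, the copy silently falls back to the SHA-1 defaults for the rest of the handshake. The callers of `ssl_cert_dup` lie outside this hunk, as do the start and end of its body, so this needs checking against them. I would extend the comment to something like `/* NB: callers must dup before signature algorithms are processed, otherwise negotiated digests are lost and SHA-1 is used */` so the ordering requirement is visible at the point where it can be broken.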