author | Dr. Stephen Henson <steve@openssl.org> | 2012-07-03 12:51:14 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2012-07-03 12:51:14 +0000 |
commit | 3dbc46dfcd918f7869496e34b0896dbac01d25a0 (patch) | |
tree | d4c2dae8f5b1866ea96bd169e7beb26e84d49202 /ssl/ssl_cert.c | |
parent | 32e03a3016b93bf0f763c6daf1eeeada7db2256c (diff) | |
Separate client and server permitted signature algorithm support: by default
the permitted signature algorithms for server and client authentication
are the same but it is now possible to set different algorithms for client
authentication only.
Diffstat (limited to 'ssl/ssl_cert.c')
-rw-r--r-- | ssl/ssl_cert.c | 22 |
1 files changed, 18 insertions, 4 deletions
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 9aa7b04966..1edbf18f3b 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -361,19 +361,31 @@ CERT *ssl_cert_dup(CERT *cert)
 /* Peer sigalgs set to NULL as we get these from handshake too */
 ret->peer_sigalgs = NULL;
 ret->peer_sigalgslen = 0;
- /* Configure sigalgs however we copy across */
+ /* Configured sigalgs however we copy across */
+
 if (cert->conf_sigalgs)
 {
- ret->conf_sigalgs = OPENSSL_malloc(cert->conf_sigalgslen
- * sizeof(TLS_SIGALGS));
+ ret->conf_sigalgs = OPENSSL_malloc(cert->conf_sigalgslen);
 if (!ret->conf_sigalgs)
 goto err;
 memcpy(ret->conf_sigalgs, cert->conf_sigalgs,
- cert->conf_sigalgslen * sizeof(TLS_SIGALGS));
+ cert->conf_sigalgslen);
 ret->conf_sigalgslen = cert->conf_sigalgslen;
 }
 else
 ret->conf_sigalgs = NULL;
+
+ if (cert->client_sigalgs)
+ {
+ ret->client_sigalgs = OPENSSL_malloc(cert->client_sigalgslen);
+ if (!ret->client_sigalgs)
+ goto err;
+ memcpy(ret->client_sigalgs, cert->client_sigalgs,
+ cert->client_sigalgslen);
+ ret->client_sigalgslen = cert->client_sigalgslen;
+ }
+ else
+ ret->client_sigalgs = NULL;
 /* Shared sigalgs also NULL */
 ret->shared_sigalgs = NULL;
@@ -473,6 +485,8 @@ void ssl_cert_free(CERT *c)
 OPENSSL_free(c->peer_sigalgs);
 if (c->conf_sigalgs)
 OPENSSL_free(c->conf_sigalgs);
+ if (c->client_sigalgs)
+ OPENSSL_free(c->client_sigalgs);
 if (c->shared_sigalgs)
 OPENSSL_free(c->shared_sigalgs);
 OPENSSL_free(c); |
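Review bot: The new `client_sigalgs` copy in ssl_cert_dup jumps to `err` on a failed `OPENSSL_malloc` after `ret->conf_sigalgs` may already have been allocated, and the `err` label lies outside this hunk, so it should be confirmed that the cleanup path frees both `ret->conf_sigalgs` and `ret->client_sigalgs`; if it does not, every failed duplication leaks the earlier buffer. Both copies now pass `conf_sigalgslen` / `client_sigalgslen` to `OPENSSL_malloc` and `memcpy` without `* sizeof(TLS_SIGALGS)`, which presumably means the length fields hold byte counts. Any setter that still stores an element count would make the duplicate shorter than the source list, so a comment such as `/* *_sigalgslen are lengths in bytes, not TLS_SIGALGS counts */` above the block would pin the unit. The two copy blocks are identical apart from the field names, and the function body starts and ends outside the hunk.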