
Source code changes of the file "ssl/t1_lib.c" between
openssl-1.1.1o.tar.gz and openssl-1.1.1p.tar.gz

About: OpenSSL is a toolkit implementing the Transport Layer Security (TLS) protocols (including SSLv3) as well as a full-strength general purpose cryptographic library. Long Term Support (LTS) version (includes support for TLSv1.3).

t1_lib.c  (openssl-1.1.1o):t1_lib.c  (openssl-1.1.1p)
/* /*
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at * in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html * https://www.openssl.org/source/license.html
*/ */
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
#include <openssl/objects.h> #include <openssl/objects.h>
skipping to change at line 2372 skipping to change at line 2372
} }
} }
if (!(rv & CERT_PKEY_CERT_TYPE) && !check_flags) if (!(rv & CERT_PKEY_CERT_TYPE) && !check_flags)
goto end; goto end;
} else { } else {
rv |= CERT_PKEY_CERT_TYPE; rv |= CERT_PKEY_CERT_TYPE;
} }
ca_dn = s->s3->tmp.peer_ca_names; ca_dn = s->s3->tmp.peer_ca_names;
if (!sk_X509_NAME_num(ca_dn)) if (ca_dn == NULL
|| sk_X509_NAME_num(ca_dn) == 0
|| ssl_check_ca_name(ca_dn, x))
rv |= CERT_PKEY_ISSUER_NAME; rv |= CERT_PKEY_ISSUER_NAME;
else
if (!(rv & CERT_PKEY_ISSUER_NAME)) {
if (ssl_check_ca_name(ca_dn, x))
rv |= CERT_PKEY_ISSUER_NAME;
}
if (!(rv & CERT_PKEY_ISSUER_NAME)) {
for (i = 0; i < sk_X509_num(chain); i++) { for (i = 0; i < sk_X509_num(chain); i++) {
X509 *xtmp = sk_X509_value(chain, i); X509 *xtmp = sk_X509_value(chain, i);
if (ssl_check_ca_name(ca_dn, xtmp)) { if (ssl_check_ca_name(ca_dn, xtmp)) {
rv |= CERT_PKEY_ISSUER_NAME; rv |= CERT_PKEY_ISSUER_NAME;
break; break;
} }
} }
}
if (!check_flags && !(rv & CERT_PKEY_ISSUER_NAME)) if (!check_flags && !(rv & CERT_PKEY_ISSUER_NAME))
goto end; goto end;
} else } else
rv |= CERT_PKEY_ISSUER_NAME | CERT_PKEY_CERT_TYPE; rv |= CERT_PKEY_ISSUER_NAME | CERT_PKEY_CERT_TYPE;
if (!check_flags || (rv & check_flags) == check_flags) if (!check_flags || (rv & check_flags) == check_flags)
rv |= CERT_PKEY_VALID; rv |= CERT_PKEY_VALID;
end: end:
skipping to change at line 2558 skipping to change at line 2556
* Check security of a chain, if |sk| includes the end entity certificate then * Check security of a chain, if |sk| includes the end entity certificate then
* |x| is NULL. If |vfy| is 1 then we are verifying a peer chain and not sending * |x| is NULL. If |vfy| is 1 then we are verifying a peer chain and not sending
* one to the peer. Return values: 1 if ok otherwise error code to use * one to the peer. Return values: 1 if ok otherwise error code to use
*/ */
int ssl_security_cert_chain(SSL *s, STACK_OF(X509) *sk, X509 *x, int vfy) int ssl_security_cert_chain(SSL *s, STACK_OF(X509) *sk, X509 *x, int vfy)
{ {
int rv, start_idx, i; int rv, start_idx, i;
if (x == NULL) { if (x == NULL) {
x = sk_X509_value(sk, 0); x = sk_X509_value(sk, 0);
if (x == NULL)
return ERR_R_INTERNAL_ERROR;
start_idx = 1; start_idx = 1;
} else } else
start_idx = 0; start_idx = 0;
rv = ssl_security_cert(s, NULL, x, vfy, 1); rv = ssl_security_cert(s, NULL, x, vfy, 1);
if (rv != 1) if (rv != 1)
return rv; return rv;
for (i = start_idx; i < sk_X509_num(sk); i++) { for (i = start_idx; i < sk_X509_num(sk); i++) {
x = sk_X509_value(sk, i); x = sk_X509_value(sk, i);
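Review bot: In the change at line 2372 the new condition sets CERT_PKEY_ISSUER_NAME when `ca_dn` is NULL or empty, and nothing in the visible code says why a missing CA-name list should count as an issuer match; a comment above the `if` such as `/* No CA names supplied (presumably by the peer): no issuer constraint to apply */` would record that this is intentional. As rendered, the `else` that follows appears to govern the `for` loop over `chain` without braces, so I would write `else {` ... `}` around the loop to keep a later statement from landing outside the branch in this certificate-selection path. The enclosing function starts and ends outside the hunk, so how `rv` is consumed after `end:` is not visible here.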
 End of changes. 6 change blocks. 
9 lines changed or deleted 9 lines changed or added
