
List:       openssl-cvs
Subject:    [openssl] OpenSSL source code branch master updated. a25f9adc778e17568fe2a325e5c3606adb8329f1
From:       Dr. Stephen Henson <steve () openssl ! org>
Date:       2013-11-18 19:05:21
Message-ID: 20131118190522.0E2FE1E03AC () openssl ! net

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OpenSSL source code".

The branch, master has been updated
       via  a25f9adc778e17568fe2a325e5c3606adb8329f1 (commit)
       via  60aeb18750382362ec1c4e1cf05a7222c99ec886 (commit)
      from  fdeaf55bf95e1e2a1e70cca8b68c7d8bbef7c8f0 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit a25f9adc778e17568fe2a325e5c3606adb8329f1
Author: Dr. Stephen Henson <steve@openssl.org>
Date:   Mon Nov 18 18:49:46 2013 +0000

    New functions to retrieve certificate from SSL_CTX
    
    New functions to retrieve current certificate or private key
    from an SSL_CTX.
    
    Constify SSL_get_private_key().

commit 60aeb18750382362ec1c4e1cf05a7222c99ec886
Author: Dr. Stephen Henson <steve@openssl.org>
Date:   Mon Nov 18 16:52:10 2013 +0000

    Don't define SSL_select_next_proto if OPENSSL_NO_TLSEXT set

-----------------------------------------------------------------------

Summary of changes:
 doc/ssl/ssl.pod |    6 +++++-
 ssl/ssl.h       |    7 ++++++-
 ssl/ssl_lib.c   |   20 +++++++++++++++++---
 3 files changed, 28 insertions(+), 5 deletions(-)

diff --git a/doc/ssl/ssl.pod b/doc/ssl/ssl.pod
index 6d3ee24..8d5b8c3 100644
--- a/doc/ssl/ssl.pod
+++ b/doc/ssl/ssl.pod
@@ -374,6 +374,10 @@ session instead of a context.
 
 =item int B<SSL_CTX_use_certificate_file>(SSL_CTX *ctx, char *file, int type);
 
+=item X509 *B<SSL_CTX_get0_certificate>(const SSL_CTX *ctx);
+
+=item EVP_PKEY *B<SSL_CTX_get0_privatekey>(const SSL_CTX *ctx);
+
 =item void B<SSL_CTX_set_psk_client_callback>(SSL_CTX *ctx, unsigned int \
(*callback)(SSL *ssl, const char *hint, char *identity, unsigned int \
max_identity_len, unsigned char *psk, unsigned int max_psk_len));  
 =item int B<SSL_CTX_use_psk_identity_hint>(SSL_CTX *ctx, const char *hint);
@@ -507,7 +511,7 @@ connection defined in the B<SSL> structure.
 
 =item X509 *B<SSL_get_peer_certificate>(const SSL *ssl);
 
-=item EVP_PKEY *B<SSL_get_privatekey>(SSL *ssl);
+=item EVP_PKEY *B<SSL_get_privatekey>(const SSL *ssl);
 
 =item int B<SSL_get_quiet_shutdown>(const SSL *ssl);
 
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 4e40594..95c96b9 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -1278,9 +1278,11 @@ void SSL_get0_next_proto_negotiated(const SSL *s, const \
unsigned char **data,  unsigned *len);
 #endif
 
+#ifndef OPENSSL_NO_TLSEXT
 int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
 			  const unsigned char *in, unsigned int inlen,
 			  const unsigned char *client, unsigned int client_len);
+#endif
 
 #define OPENSSL_NPN_UNSUPPORTED	0
 #define OPENSSL_NPN_NEGOTIATED	1
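Review bot: The added `#endif` sits a few lines below an existing unlabelled `#endif`, so it is easy to misread which guard closes where; I would write it as `#endif /* OPENSSL_NO_TLSEXT */`. The `OPENSSL_NPN_*` macros that follow stay defined in a build with `OPENSSL_NO_TLSEXT` set, even though the function they presumably belong to is now hidden. That looks harmless, but if it is intentional a short comment saying so would help the next reader.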
@@ -2375,7 +2377,10 @@ STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk);
 SSL *SSL_dup(SSL *ssl);
 
 X509 *SSL_get_certificate(const SSL *ssl);
-/* EVP_PKEY */ struct evp_pkey_st *SSL_get_privatekey(SSL *ssl);
+/* EVP_PKEY */ struct evp_pkey_st *SSL_get_privatekey(const SSL *ssl);
+
+X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx);
+EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx);
 
 void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode);
 int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx);
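Review bot: The new prototype `EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx);` uses the `EVP_PKEY` typedef directly, while the line just above it spells the same return type as `/* EVP_PKEY */ struct evp_pkey_st *`. If the older form exists because the typedef is not guaranteed to be visible to everything that includes this header (not verifiable from the hunk), the new declaration should follow it: `/* EVP_PKEY */ struct evp_pkey_st *SSL_CTX_get0_privatekey(const SSL_CTX *ctx);`. Both new prototypes would also benefit from a one-line comment saying that the returned pointers are borrowed from the context and must not be freed by the caller.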
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 7eb1a0c..1bedb54 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -3103,7 +3103,6 @@ void ssl_clear_cipher_ctx(SSL *s)
 #endif
 	}
 
-/* Fix this function so that it takes an optional type parameter */
 X509 *SSL_get_certificate(const SSL *s)
 	{
 	if (s->cert != NULL)
@@ -3112,8 +3111,7 @@ X509 *SSL_get_certificate(const SSL *s)
 		return(NULL);
 	}
 
-/* Fix this function so that it takes an optional type parameter */
-EVP_PKEY *SSL_get_privatekey(SSL *s)
+EVP_PKEY *SSL_get_privatekey(const SSL *s)
 	{
 	if (s->cert != NULL)
 		return(s->cert->key->privatekey);
@@ -3121,6 +3119,22 @@ EVP_PKEY *SSL_get_privatekey(SSL *s)
 		return(NULL);
 	}
 
+X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx)
+	{
+	if (ctx->cert != NULL)
+		return ctx->cert->key->x509;
+	else
+		return NULL;
+	}
+
+EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx)
+	{
+	if (ctx->cert != NULL)
+		return ctx->cert->key->privatekey;
+	else
+		return NULL ;
+	}
+
 const SSL_CIPHER *SSL_get_current_cipher(const SSL *s)
 	{
 	if ((s->session != NULL) && (s->session->cipher != NULL))
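Review bot: `SSL_CTX_get0_certificate` and `SSL_CTX_get0_privatekey` return the context's internal `x509` and `privatekey` pointers without taking a reference, and nothing in the hunk documents that contract. A caller that frees the result, or keeps using it after the context is freed, ends up with a double free or a dangling pointer to key material, so I would add above each function a comment such as `/* Returns the SSL_CTX's internal pointer; no reference is taken, so the caller must not free it or use it beyond the lifetime of ctx. */`. Both functions check only `ctx->cert` before dereferencing `ctx->cert->key`; this presumably relies on `key` always being set once a CERT exists, which is worth stating in the same comment. Minor style: `return NULL ;` has a stray space before the semicolon.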


hooks/post-receive
-- 
OpenSSL source code
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
CVS Repository Commit List                     openssl-cvs@openssl.org
Automated List Manager                           majordomo@openssl.org

