diff options
| author | Nick Mathewson <nickm@torproject.org> | 2007-10-22 00:26:02 +0000 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2007-10-22 00:26:02 +0000 |
| commit | 722c7bdff46cc17462e4f7fe890774883e304a62 (patch) | |
| tree | 7073c0943cca16ff57af599f7d21f8bea8296247 /src/common/tortls.c | |
| parent | bacbf984cad5acd758c29eb2186005e3fefa0295 (diff) | |
| download | tor-722c7bdff46cc17462e4f7fe890774883e304a62.tar tor-722c7bdff46cc17462e4f7fe890774883e304a62.tar.gz | |
r15997@catbus: nickm | 2007-10-21 20:25:40 -0400
New code (disabled for now) to use the SSL context's cert store instead of using its "extra chain cert" list to get our identity certificate sent. This is a little close to what OpenSSL expects people to do, and it has the advantage that we should be able to keep the id cert from being sent by setting the NO_CHAIN_CERT bit. I have tried turning new code on, and it seemed to work fine.
svn:r12086
Diffstat (limited to 'src/common/tortls.c')
| -rw-r--r-- | src/common/tortls.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/src/common/tortls.c b/src/common/tortls.c index de39969d5..eed35cd32 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -399,8 +399,16 @@ tor_tls_context_new(crypto_pk_env_t *identity, const char *nickname, goto error; X509_free(cert); /* We just added a reference to cert. */ cert=NULL; +#if 1 if (idcert && !SSL_CTX_add_extra_chain_cert(result->ctx,idcert)) goto error; +#else + if (idcert) { + X509_STORE *s = SSL_CTX_get_cert_store(result->ctx); + tor_assert(s); + X509_STORE_add_cert(s, idcert); + } +#endif idcert=NULL; /* The context now owns the reference to idcert */ SSL_CTX_set_session_cache_mode(result->ctx, SSL_SESS_CACHE_OFF); tor_assert(rsa); |