Lines Matching refs:dane

/*
 * dane_final: release the DANE state held in *dane.
 * This is a cross-reference excerpt: only lines mentioning `dane` are listed,
 * so braces and unrelated lines are absent.
 * Each owned object is freed and its pointer is set to NULL straight away,
 * so the structure keeps no stale pointer to freed memory.
 */
170 static void dane_final(SSL_DANE *dane)
/* TLSA records: every element is released with tlsa_free, then the stack itself. */
172 sk_danetls_record_pop_free(dane->trecs, tlsa_free);
173 dane->trecs = NULL;
/* Certificates held in dane->certs: same free-then-clear pattern. */
175 sk_X509_pop_free(dane->certs, X509_free);
176 dane->certs = NULL;
/* Matched certificate. */
178 X509_free(dane->mcert);
179 dane->mcert = NULL;
/*
 * mtlsa is cleared without a free of its own.
 * NOTE(review): presumably it points at a record owned by trecs, which was
 * released above -- confirm against the struct definition.
 */
180 dane->mtlsa = NULL;
/* Both depth fields go back to -1. NOTE(review): looks like the "no match" sentinel -- confirm. */
181 dane->mdpth = -1;
182 dane->pdpth = -1;
/* Excerpt of dane_copy: only the lines mentioning `dane` are listed; the signature, loop header and branch bodies are not shown. */
186 * dane_copy - Copy dane configuration, sans verification state.
/* A source without DANE enabled takes a separate branch (body not listed). */
193 if (!DANETLS_ENABLED(&from->dane))
/* The record count is read from the source before the destination is touched. */
196 num = sk_danetls_record_num(from->dane.trecs);
/* The destination's existing DANE state is released first, so earlier records and match state are not carried over. */
197 dane_final(&to->dane);
198 to->dane.flags = from->dane.flags;
/* dctx is pointed at the destination's own context, not at the source's. */
199 to->dane.dctx = &to->ctx->dane;
/* New record stack reserved for num entries; the allocation result is checked on the next listed line. */
200 to->dane.trecs = sk_danetls_record_new_reserve(NULL, num);
202 if (to->dane.trecs == NULL) {
/* Source records are read one by one by index i (the loop header is not listed). */
208 danetls_record *t = sk_danetls_record_value(from->dane.trecs, i);
/*
 * tlsa_md_get: look up the digest for a TLSA matching type in the context's
 * mdevp table (excerpt; braces and source line 265 are not listed).
 */
262 static const EVP_MD *tlsa_md_get(SSL_DANE *dane, uint8_t mtype)
/*
 * Bounds check: mtype is compared with mdmax before it is used as an array
 * index, so a matching type above mdmax never reaches the lookup below.
 * NOTE(review): the branch body is not listed -- presumably it returns NULL,
 * which callers must then check.
 */
264 if (mtype > dane->dctx->mdmax)
266 return dane->dctx->mdevp[mtype];
/* Excerpt of dane_tlsa_add: only the lines mentioning `dane` are listed; the remaining parameters, validation and error paths are not shown. */
269 static int dane_tlsa_add(SSL_DANE *dane,
/* A NULL record stack is handled first. NOTE(review): presumably the "DANE not enabled" error path -- the body is not listed. */
280 if (dane->trecs == NULL) {
/* Digest lookup for the matching type. NOTE(review): the result needs a NULL check before use; that check is not in this listing. */
301 md = tlsa_md_get(dane, mtype);
/* The certs stack is created on first use; both the allocation and the push are checked for failure. */
380 if ((dane->certs == NULL &&
381 (dane->certs = sk_X509_new_null()) == NULL) ||
382 !sk_X509_push(dane->certs, cert)) {
/* Existing records are scanned by index i to find where the new record goes (loop header not listed). */
426 num = sk_danetls_record_num(dane->trecs);
428 danetls_record *rec = sk_danetls_record_value(dane->trecs, i);
/*
 * Records are ranked through the context's mdord table, indexed by matching type.
 * NOTE(review): both indexes assume the matching types were range-checked
 * against mdmax earlier -- confirm on the lines not listed here.
 */
438 if (dane->dctx->mdord[rec->mtype] > dane->dctx->mdord[mtype])
/* Insertion at index i; a failed insert is checked. */
443 if (!sk_danetls_record_insert(dane->trecs, t, i)) {
/* The usage is recorded as a bit in umask. NOTE(review): assumes usage was range-checked before it selects a bit position -- confirm. */
448 dane->umask |= DANETLS_USAGE_BIT(usage);
/*
 * Fragment of a function whose signature is not in this listing: the match
 * state of s->dane is reset (depths to -1, matched certificate freed and
 * cleared, mtlsa cleared). The TLSA records (trecs) are not touched on the
 * lines shown.
 */
678 s->dane.mdpth = -1;
679 s->dane.pdpth = -1;
/* Free-then-clear, so no stale mcert pointer is left behind. */
680 X509_free(s->dane.mcert);
681 s->dane.mcert = NULL;
682 s->dane.mtlsa = NULL;
/* Separate fragment (source line 764): the DANE flags of `s` are taken from `ctx`. */
764 s->dane.flags = ctx->dane.flags;
/* Fragments of context-level DANE functions; their signatures are not in this listing. */
/* Enabling is delegated to dane_ctx_enable on the context's DANE state. */
1083 return dane_ctx_enable(&ctx->dane);
/* Flag set: the previous value is captured before the bits in `flags` are OR-ed in. */
1088 unsigned long orig = ctx->dane.flags;
1090 ctx->dane.flags |= flags;
/* Flag clear: the previous value is captured before the bits in `flags` are masked out. */
1096 unsigned long orig = ctx->dane.flags;
1098 ctx->dane.flags &= ~flags;
/* Fragment of a per-connection DANE set-up function; its signature and the branch bodies are not in this listing. */
1104 SSL_DANE *dane = &s->dane;
/* The context's mdmax is tested for 0 first. NOTE(review): presumably "DANE was never enabled on the context" -- the body is not listed. */
1106 if (s->ctx->dane.mdmax == 0) {
/* A non-NULL trecs is handled separately. NOTE(review): presumably "already enabled on this connection" -- confirm. */
1110 if (dane->trecs != NULL) {
/* Match state starts at -1 and dctx points at the context's DANE state. */
1133 dane->mdpth = -1;
1134 dane->pdpth = -1;
1135 dane->dctx = &s->ctx->dane;
/* A fresh, empty record stack; allocation failure is checked on the next listed line. */
1136 dane->trecs = sk_danetls_record_new_null();
1138 if (dane->trecs == NULL) {
/* Fragments of the per-connection flag setters; their signatures are not in this listing. */
/* Flag set: the previous value is captured before the bits in `flags` are OR-ed in. */
1147 unsigned long orig = ssl->dane.flags;
1149 ssl->dane.flags |= flags;
/* Flag clear: the previous value is captured before the bits in `flags` are masked out. */
1155 unsigned long orig = ssl->dane.flags;
1157 ssl->dane.flags &= ~flags;
/* Fragment of an accessor that reports the DANE match through the out-parameters mcert and mspki; its signature is not in this listing. */
1163 SSL_DANE *dane = &s->dane;
/*
 * Gate: when DANE is not enabled, or verify_result is anything other than
 * X509_V_OK, a separate branch is taken (body not listed).
 * NOTE(review): presumably an error return, so that match details are never
 * reported for a connection whose verification failed -- confirm.
 */
1165 if (!DANETLS_ENABLED(dane) || s->verify_result != X509_V_OK)
/* Details are filled in only when a TLSA record actually matched. */
1167 if (dane->mtlsa) {
/*
 * The value stored is the internal dane->mcert pointer itself; no copy or
 * reference-count increase is visible in this listing, so callers should
 * confirm ownership before freeing it.
 */
1169 *mcert = dane->mcert;
/* The matched record's spki is reported only when there is no matched certificate. */
1171 *mspki = (dane->mcert == NULL) ? dane->mtlsa->spki : NULL;
1173 return dane->mdpth;
/* Fragment of an accessor that reports the fields of the matched TLSA record through out-parameters; its signature is not in this listing. */
1179 SSL_DANE *dane = &s->dane;
/*
 * Gate: when DANE is not enabled, or verify_result is anything other than
 * X509_V_OK, a separate branch is taken (body not listed).
 * NOTE(review): presumably an error return -- confirm.
 */
1181 if (!DANETLS_ENABLED(dane) || s->verify_result != X509_V_OK)
/* mtlsa is only dereferenced inside this non-NULL check. */
1183 if (dane->mtlsa) {
1185 *usage = dane->mtlsa->usage;
1187 *selector = dane->mtlsa->selector;
1189 *mtype = dane->mtlsa->mtype;
/*
 * data is the record's own buffer pointer, not a copy, with its length in
 * dlen. NOTE(review): the buffer presumably stays owned by the record --
 * confirm its lifetime before callers keep the pointer.
 */
1191 *data = dane->mtlsa->data;
1193 *dlen = dane->mtlsa->dlen;
1195 return dane->mdpth;
/* Fragments of several small functions; their signatures are not in this listing. */
/* Returns the address of the DANE state embedded in `s` (a pointer into `s`, not a copy). */
1200 return &s->dane;
/* Thin wrapper: adding a TLSA record is forwarded unchanged to dane_tlsa_add. */
1206 return dane_tlsa_add(&s->dane, usage, selector, mtype, data, dlen);
/* Thin wrapper: registering a digest for a matching type is forwarded to dane_mtype_set on the context. */
1212 return dane_mtype_set(&ctx->dane, md, mtype, ord);
/* The DANE state of `s` is released through dane_final. NOTE(review): presumably part of tearing down `s` -- confirm. */
1253 dane_final(&s->dane);
/* The DANE state of `a` is released through dane_ctx_final. */
1565 dane_ctx_final(&a->dane);
/* Fragment of a function whose signature is not in this listing. */
5350 SSL_DANE *dane = &s->dane;
/*
 * The switch dereferences mtlsa only after the same condition has established
 * that DANE is enabled and that mtlsa is non-NULL, i.e. a TLSA record matched.
 * The case labels are not listed, so what each usage selects cannot be told
 * from here.
 */
5374 if (DANETLS_ENABLED(dane) && dane->mtlsa != NULL) {
5375 switch (dane->mtlsa->usage) {