authorDr. Stephen Henson <steve@openssl.org>2015-09-14 18:58:04 +0200
committerDr. Stephen Henson <steve@openssl.org>2015-09-14 20:52:27 +0200
commitdf6da24bda457b724ba3e894e6c329a9b93d536f (patch)
tree3296a79122416d0d6dd31c6268ad6c92ba2fa2f1 /ssl/ssl_cert.c
parentConstify ECDSA_METHOD_new. (diff)
Fix PSK identity hint handling.
For server use a PSK identity hint value in the CERT structure which is inherited when SSL_new is called and which allows applications to set hints on a per-SSL basis. The previous version of SSL_use_psk_identity_hint tried (wrongly) to use the SSL_SESSION structure. PR#4039 Reviewed-by: Matt Caswell <matt@openssl.org>
Diffstat (limited to 'ssl/ssl_cert.c')
-rw-r--r--ssl/ssl_cert.c9
1 files changed, 9 insertions, 0 deletions
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 555b1d7d82..05a4447450 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -334,6 +334,12 @@ CERT *ssl_cert_dup(CERT *cert)
if (!custom_exts_copy(&ret->srv_ext, &cert->srv_ext))
goto err;
+ if (cert->psk_identity_hint) {
+ ret->psk_identity_hint = BUF_strdup(cert->psk_identity_hint);
+ if (ret->psk_identity_hint == NULL)
+ goto err;
+ }
+
return (ret);
err:
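Review bot: The new `psk_identity_hint` duplication in ssl_cert_dup is not wrapped in `#ifndef OPENSSL_NO_PSK`, while the matching `OPENSSL_free(c->psk_identity_hint)` added to ssl_cert_free in the second hunk is. The CERT declaration is not visible here, but if the field is itself declared under that guard, a build with PSK disabled would fail to compile at this block; if the field is unconditional, the guard around the free is unnecessary. Either way the two sites should agree, for example by placing `#ifndef OPENSSL_NO_PSK` before `if (cert->psk_identity_hint) {` and `#endif` after its closing brace. ssl_cert_dup begins before this hunk and its `err:` path continues past it, so the cleanup code could not be checked from here.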
@@ -402,6 +408,9 @@ void ssl_cert_free(CERT *c)
X509_STORE_free(c->chain_store);
custom_exts_free(&c->cli_ext);
custom_exts_free(&c->srv_ext);
+#ifndef OPENSSL_NO_PSK
+ OPENSSL_free(c->psk_identity_hint);
+#endif
OPENSSL_free(c);
}