
Viewing changes to ssl/ssl_lib.c

  • Committer: Bazaar Package Importer
  • Author(s): Nicolas Valcárcel Scerpella (Canonical)
  • Date: 2009-12-06 20:16:24 UTC
  • mfrom: (11.1.9 sid)
  • Revision ID: james.westby@ubuntu.com-20091206201624-u126qjpqm2n2uuhu
Tags: 0.9.8k-7ubuntu1
* Merge from debian unstable, remaining changes (LP: #493392):
  - Link using -Bsymbolic-functions
  - Add support for lpia
  - Disable SSLv2 during compile
  - Ship documentation in openssl-doc, suggested by the package.
  - Use a different priority for libssl0.9.8/restart-services
    depending on whether a desktop, or server dist-upgrade is being
    performed.
  - Display a system restart required notification bubble on libssl0.9.8
    upgrade.
  - Replace duplicate files in the doc directory with symlinks.
  - Move runtime libraries to /lib, for the benefit of wpasupplicant
* Strip the patches out of the source into quilt patches
* Disable CVE-2009-3555.patch

126
126
#include <openssl/lhash.h>
127
127
#include <openssl/x509v3.h>
128
128
#include <openssl/rand.h>
 
129
#include <openssl/ocsp.h>
129
130
#ifndef OPENSSL_NO_DH
130
131
#include <openssl/dh.h>
131
132
#endif
 
133
#ifndef OPENSSL_NO_ENGINE
 
134
#include <openssl/engine.h>
 
135
#endif
132
136
 
133
137
const char *SSL_version_str=OPENSSL_VERSION_TEXT;
134
138
 
311
315
        s->tlsext_debug_cb = 0;
312
316
        s->tlsext_debug_arg = NULL;
313
317
        s->tlsext_ticket_expected = 0;
 
318
        s->tlsext_status_type = -1;
 
319
        s->tlsext_status_expected = 0;
 
320
        s->tlsext_ocsp_ids = NULL;
 
321
        s->tlsext_ocsp_exts = NULL;
 
322
        s->tlsext_ocsp_resp = NULL;
 
323
        s->tlsext_ocsp_resplen = -1;
314
324
        CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
315
325
        s->initial_ctx=ctx;
316
326
#endif
500
510
 
501
511
        if (s->ctx) SSL_CTX_free(s->ctx);
502
512
#ifndef OPENSSL_NO_TLSEXT
 
513
        if (s->tlsext_hostname)
 
514
                OPENSSL_free(s->tlsext_hostname);
503
515
        if (s->initial_ctx) SSL_CTX_free(s->initial_ctx);
 
516
        if (s->tlsext_ocsp_exts)
 
517
                sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts,
 
518
                                                X509_EXTENSION_free);
 
519
        if (s->tlsext_ocsp_ids)
 
520
                sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free);
 
521
        if (s->tlsext_ocsp_resp)
 
522
                OPENSSL_free(s->tlsext_ocsp_resp);
504
523
#endif
505
524
        if (s->client_CA != NULL)
506
525
                sk_X509_NAME_pop_free(s->client_CA,X509_NAME_free);
1379
1398
                return(NULL);
1380
1399
                }
1381
1400
 
 
1401
#ifdef OPENSSL_FIPS
 
1402
        if (FIPS_mode() && (meth->version < TLS1_VERSION))      
 
1403
                {
 
1404
                SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
 
1405
                return NULL;
 
1406
                }
 
1407
#endif
 
1408
 
1382
1409
        if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0)
1383
1410
                {
1384
1411
                SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
1494
1521
                || (RAND_bytes(ret->tlsext_tick_aes_key, 16) <= 0))
1495
1522
                ret->options |= SSL_OP_NO_TICKET;
1496
1523
 
 
1524
        ret->tlsext_status_cb = 0;
 
1525
        ret->tlsext_status_arg = NULL;
 
1526
 
 
1527
#endif
 
1528
 
 
1529
#ifndef OPENSSL_NO_ENGINE
 
1530
        ret->client_cert_engine = NULL;
 
1531
#ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO
 
1532
#define eng_strx(x)     #x
 
1533
#define eng_str(x)      eng_strx(x)
 
1534
        /* Use specific client engine automatically... ignore errors */
 
1535
        {
 
1536
        ENGINE *eng;
 
1537
        eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
 
1538
        if (!eng)
 
1539
                {
 
1540
                ERR_clear_error();
 
1541
                ENGINE_load_builtin_engines();
 
1542
                eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
 
1543
                }
 
1544
        if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng))
 
1545
                ERR_clear_error();
 
1546
        }
 
1547
#endif
1497
1548
#endif
1498
1549
 
1499
1550
        return(ret);
1566
1617
#else
1567
1618
        a->comp_methods = NULL;
1568
1619
#endif
 
1620
#ifndef OPENSSL_NO_ENGINE
 
1621
        if (a->client_cert_engine)
 
1622
                ENGINE_finish(a->client_cert_engine);
 
1623
#endif
1569
1624
        OPENSSL_free(a);
1570
1625
        }
1571
1626
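Review bot: In the OPENSSL_SSL_CLIENT_ENGINE_AUTO block added to SSL_CTX_new, the structural reference handed out by `ENGINE_by_id()` is never given back: the line `if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng)) ERR_clear_error();` swallows the error but calls no `ENGINE_free(eng)` on either outcome, and the matching SSL_CTX_free hunk only does `ENGINE_finish(a->client_cert_engine)`, which drops the functional reference taken when the engine was set, not the one `ENGINE_by_id()` returned. Whether `SSL_CTX_set_client_cert_engine()` adopts that structural reference is not visible in this diff; if it follows the usual `ENGINE_init()` pattern it takes its own, and one structural reference leaks per SSL_CTX — harmless for a builtin engine that lives until ENGINE_cleanup, a real leak for a dynamically loaded one. I would follow the set call with `if (eng) ENGINE_free(eng);` so the block holds no reference of its own once the context does, and replace the bare "ignore errors" comment with one stating why: a missing or unusable auto engine must not make SSL_CTX_new fail, so the error queue is cleared deliberately. SSL_CTX_new's body begins before this hunk and the FIPS check added earlier in the same function is unaffected.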