xref: /ssl/statem/statem_clnt.c

44 static ossl_inline int received_server_cert(SSL_CONNECTION *sc)  in received_server_cert()  argument
46     return sc->session->peer_rpk != NULL || sc->session->peer != NULL;  in received_server_cert()
430 static int do_compressed_cert(SSL_CONNECTION *sc)  in do_compressed_cert()  argument
433     return sc->ext.client_cert_type == TLSEXT_cert_type_x509  in do_compressed_cert()
434         && sc->ext.compress_certificate_from_peer[0] != TLSEXT_comp_cert_none;  in do_compressed_cert()
1908 MSG_PROCESS_RETURN tls_process_server_rpk(SSL_CONNECTION *sc, PACKET *pkt)  in tls_process_server_rpk()  argument
1912     if (!tls_process_rpk(sc, pkt, &peer_rpk)) {  in tls_process_server_rpk()
1918         SSLfatal(sc, SSL_AD_DECODE_ERROR, SSL_R_BAD_CERTIFICATE);  in tls_process_server_rpk()
1922     EVP_PKEY_free(sc->session->peer_rpk);  in tls_process_server_rpk()
1923     sc->session->peer_rpk = peer_rpk;  in tls_process_server_rpk()
1928 static WORK_STATE tls_post_process_server_rpk(SSL_CONNECTION *sc,  in tls_post_process_server_rpk()  argument
1935     if (sc->session->peer_rpk == NULL) {  in tls_post_process_server_rpk()
1936         SSLfatal(sc, SSL_AD_ILLEGAL_PARAMETER,  in tls_post_process_server_rpk()
1941     if (sc->rwstate == SSL_RETRY_VERIFY)  in tls_post_process_server_rpk()
1942         sc->rwstate = SSL_NOTHING;  in tls_post_process_server_rpk()
1945     v_ok = ssl_verify_rpk(sc, sc->session->peer_rpk);  in tls_post_process_server_rpk()
1946     if (v_ok <= 0 && sc->verify_mode != SSL_VERIFY_NONE) {  in tls_post_process_server_rpk()
1948         SSLfatal(sc, ssl_x509err2alert(sc->verify_result),  in tls_post_process_server_rpk()
1953     if (v_ok > 0 && sc->rwstate == SSL_RETRY_VERIFY) {  in tls_post_process_server_rpk()
1957     if ((clu = ssl_cert_lookup_by_pkey(sc->session->peer_rpk, &certidx,  in tls_post_process_server_rpk()
1958                                        SSL_CONNECTION_GET_CTX(sc))) == NULL) {  in tls_post_process_server_rpk()
1959         SSLfatal(sc, SSL_AD_ILLEGAL_PARAMETER, SSL_R_UNKNOWN_CERTIFICATE_TYPE);  in tls_post_process_server_rpk()
1968     if (!SSL_CONNECTION_IS_TLS13(sc)) {  in tls_post_process_server_rpk()
1969         if ((clu->amask & sc->s3.tmp.new_cipher->algorithm_auth) == 0) {  in tls_post_process_server_rpk()
1970             SSLfatal(sc, SSL_AD_ILLEGAL_PARAMETER, SSL_R_WRONG_RPK_TYPE);  in tls_post_process_server_rpk()
1976     X509_free(sc->session->peer);  in tls_post_process_server_rpk()
1977     sc->session->peer = NULL;  in tls_post_process_server_rpk()
1978     sk_X509_pop_free(sc->session->peer_chain, X509_free);  in tls_post_process_server_rpk()
1979     sc->session->peer_chain = NULL;  in tls_post_process_server_rpk()
1980     sc->session->verify_result = sc->verify_result;  in tls_post_process_server_rpk()
1983     if (SSL_CONNECTION_IS_TLS13(sc)  in tls_post_process_server_rpk()
1984             && !ssl_handshake_hash(sc, sc->cert_verify_hash,  in tls_post_process_server_rpk()
1985                                    sizeof(sc->cert_verify_hash),  in tls_post_process_server_rpk()
1986                                    &sc->cert_verify_hash_len)) {  in tls_post_process_server_rpk()
2187 MSG_PROCESS_RETURN tls_process_server_compressed_certificate(SSL_CONNECTION *sc, PACKET *pkt)  in tls_process_server_compressed_certificate()  argument
2193     if (tls13_process_compressed_certificate(sc, pkt, &tmppkt, buf) != MSG_PROCESS_ERROR)  in tls_process_server_compressed_certificate()
2194         ret = tls_process_server_certificate(sc, &tmppkt);  in tls_process_server_compressed_certificate()
3892 CON_FUNC_RETURN tls_construct_client_compressed_certificate(SSL_CONNECTION *sc,  in tls_construct_client_compressed_certificate()  argument
3895     SSL *ssl = SSL_CONNECTION_GET_SSL(sc);  in tls_construct_client_compressed_certificate()
3904     int alg = sc->ext.compress_certificate_from_peer[0];  in tls_construct_client_compressed_certificate()
3912     if (sc->pha_context == NULL) {  in tls_construct_client_compressed_certificate()
3916     } else if (!WPACKET_sub_memcpy_u8(&tmppkt, sc->pha_context, sc->pha_context_len))  in tls_construct_client_compressed_certificate()
3919     if (!ssl3_output_cert_chain(sc, &tmppkt, sc->cert->key, 0)) {  in tls_construct_client_compressed_certificate()
3964     if (SSL_IS_FIRST_HANDSHAKE(sc)  in tls_construct_client_compressed_certificate()
3965             && !SSL_IS_QUIC_HANDSHAKE(sc)  in tls_construct_client_compressed_certificate()
3966             && (sc->early_data_state != SSL_EARLY_DATA_NONE  in tls_construct_client_compressed_certificate()
3967                 || (sc->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0)  in tls_construct_client_compressed_certificate()
3968             && (!ssl->method->ssl3_enc->change_cipher_state(sc,  in tls_construct_client_compressed_certificate()
3974         SSLfatal(sc, SSL_AD_NO_ALERT, SSL_R_CANNOT_CHANGE_CIPHER);  in tls_construct_client_compressed_certificate()
3981     SSLfatal(sc, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);  in tls_construct_client_compressed_certificate()

Last Index update Fri Aug 22 02:40:23 CST 2025