CVSROOT: /cvs
Module name: src
Changes by: js...@cvs.openbsd.org 2022/01/11 12:03:15
Modified files:
lib/libssl : ssl_clnt.c ssl_locl.h ssl_sess.c ssl_srvr.c
tls13_client.c tls13_server.c
Log message:
Remove peer_pkeys from SSL_SESSION.
peer_pkeys comes from some world where peers can send multiple certificates
- in fact, one of each known type. Since we do not live in such a world,
get rid of peer_pkeys and simply use peer_cert instead (in both TLSv1.2
and TLSv1.3, both clients and servers can only send a single leaf
(aka end-entity) certificate).
ok inoguchi@ tb@
