CVSROOT: /cvs
Module name: src
Changes by: js...@cvs.openbsd.org 2022/07/03 08:58:00
Modified files:
lib/libssl : ssl_srvr.c
Log message:
Simplify certificate list handling code in legacy server.
A client is required to send an empty list if it does not have a suitable
certificate - handle this case up front, rather than going through the
normal code path and ending up with an empty certificate list. This matches
what we do in the TLSv1.3 stack and will allow for ruther clean up (in
addition to making the code more readable).
Also tidy up the CBS code and remove some unnecessary length checks. Use
'cert' and 'certs' for certificates, rather than 'x' and 'sk'.
ok tb@
