CVSROOT: /cvs
Module name: src
Changes by: js...@cvs.openbsd.org 2018/02/09 21:57:35

Modified files:
    lib/libtls : tls.c tls_config.c tls_internal.h tls_keypair.c

Log message:
Move the keypair pubkey hash handling code to during config.

The keypair pubkey hash was being generated and set in the keypair when the TLS context was being configured. This code should not be messing around with the keypair contents, since it is part of the config (and not the context).

Instead, generate the pubkey hash and store it in the keypair when the certificate is configured. This means that we are guaranteed to have the pubkey hash and as a side benefit, we identify bad certificate content when it is provided, instead of during the context configuration.

ok beck@