Am 19.09.13 12:47, schrieb steffan.kar...@fox-it.com: > From: Joachim Schipper <joachim.schip...@fox-it.com> > > OpenSSL's tls_ctx_load_cert_file() had a parameter in which a copy of the > context's certificate chain was stored on return, used by > tls_ctx_use_external_private_key() only and free()d immediately thereafter. > > PolarSSL also supported this output parameter, but returned a pointer to the > context's certificate chain (rather than to a copy of the certificate, as > OpenSSL does) - which meant that we would have to #ifdef the free(). > > PolarSSL cannot make a copy of a certificate chain, and OpenSSL cannot store a > pointer to (instead of a copy of) the cert. > > So remove the output parameter from tls_ctx_load_cert_file() and incorporate > the needed functionality directly into tls_ctx_use_external_private_key() > (which is straightforward for both OpenSSL and PolarSSL, as long as you don't > try to support both at once.) > > ACK. This "only" refactoring.
Arne
smime.p7s
Description: S/MIME Cryptographic Signature
