changes from plan 9. some clean-up.

src/libsec/port/tlshand.c

@@ -248,7 +248,7 @@ static uchar compressors[] = {
 	CompressionNull,
 };
 
-static TlsConnection *tlsServer2(int ctl, int hand, uchar *cert, int ncert, int (*trace)(char*fmt, ...));
+static TlsConnection *tlsServer2(int ctl, int hand, uchar *cert, int ncert, int (*trace)(char*fmt, ...), PEMChain *chain);
 static TlsConnection *tlsClient2(int ctl, int hand, uchar *csid, int ncsid, int (*trace)(char*fmt, ...));
 
 static void	msgClear(Msg *m);
@@ -273,7 +273,7 @@ static TlsSec*	tlsSecInitc(int cvers, uchar *crandom);
 static int	tlsSecSecretc(TlsSec *sec, uchar *sid, int nsid, uchar *srandom, uchar *cert, int ncert, int vers, uchar **epm, int *nepm, uchar *kd, int nkd);
 static int	tlsSecFinished(TlsSec *sec, MD5state md5, SHAstate sha1, uchar *fin, int nfin, int isclient);
 static void	tlsSecOk(TlsSec *sec);
-static void	tlsSecKill(TlsSec *sec);
+/* static void	tlsSecKill(TlsSec *sec); */
 static void	tlsSecClose(TlsSec *sec);
 static void	setMasterSecret(TlsSec *sec, Bytes *pm);
 static void	serverMasterSecret(TlsSec *sec, uchar *epm, int nepm);
@@ -296,14 +296,14 @@ static void* erealloc(void*, int);
 static void put32(uchar *p, u32int);
 static void put24(uchar *p, int);
 static void put16(uchar *p, int);
-static u32int get32(uchar *p);
+/* static u32int get32(uchar *p); */
 static int get24(uchar *p);
 static int get16(uchar *p);
 static Bytes* newbytes(int len);
 static Bytes* makebytes(uchar* buf, int len);
 static void freebytes(Bytes* b);
 static Ints* newints(int len);
-static Ints* makeints(int* buf, int len);
+/* static Ints* makeints(int* buf, int len); */
 static void freeints(Ints* b);
 
 //================= client/server ========================
@@ -337,7 +337,7 @@ tlsServer(int fd, TLSconn *conn)
 		return -1;
 	}
 	fprint(ctl, "fd %d 0x%x", fd, ProtocolVersion);
-	tls = tlsServer2(ctl, hand, conn->cert, conn->certlen, conn->trace);
+	tls = tlsServer2(ctl, hand, conn->cert, conn->certlen, conn->trace, conn->chain);
 	sprint(dname, "#a/tls/%s/data", buf);
 	data = open(dname, ORDWR);
 	close(fd);
@@ -412,15 +412,27 @@ tlsClient(int fd, TLSconn *conn)
 	return data;
 }
 
+static int
+countchain(PEMChain *p)
+{
+	int i = 0;
+
+	while (p) {
+		i++;
+		p = p->next;
+	}
+	return i;
+}
+
 static TlsConnection *
-tlsServer2(int ctl, int hand, uchar *cert, int ncert, int (*trace)(char*fmt, ...))
+tlsServer2(int ctl, int hand, uchar *cert, int ncert, int (*trace)(char*fmt, ...), PEMChain *chp)
 {
 	TlsConnection *c;
 	Msg m;
 	Bytes *csid;
 	uchar sid[SidSize], kd[MaxKeyData];
 	char *secrets;
-	int cipher, compressor, nsid, rv;
+	int cipher, compressor, nsid, rv, numcerts, i;
 
 	if(trace)
 		trace("tlsServer2\n");
@@ -498,9 +510,12 @@ tlsServer2(int ctl, int hand, uchar *cert, int ncert, int (*trace)(char*fmt, ...
 	msgClear(&m);
 
 	m.tag = HCertificate;
-	m.u.certificate.ncert = 1;
+	numcerts = countchain(chp);
+	m.u.certificate.ncert = 1 + numcerts;
 	m.u.certificate.certs = emalloc(m.u.certificate.ncert * sizeof(Bytes));
 	m.u.certificate.certs[0] = makebytes(cert, ncert);
+	for (i = 0; i < numcerts && chp; i++, chp = chp->next)
+		m.u.certificate.certs[i+1] = makebytes(chp->pem, chp->pemlen);
 	if(!msgSend(c, &m, AQueue))
 		goto Err;
 	msgClear(&m);
@@ -1824,6 +1839,7 @@ tlsSecOk(TlsSec *sec)
 		sec->ok = 1;
 }
 
+/*
 static void
 tlsSecKill(TlsSec *sec)
 {
@@ -1832,6 +1848,7 @@ tlsSecKill(TlsSec *sec)
 	factotum_rsa_close(sec->rpc);
 	sec->ok = -1;
 }
+*/
 
 static void
 tlsSecClose(TlsSec *sec)
@@ -2205,11 +2222,13 @@ put16(uchar *p, int x)
 	p[1] = x;
 }
 
+/*
 static u32int
 get32(uchar *p)
 {
 	return (p[0]<<24)|(p[1]<<16)|(p[2]<<8)|p[3];
 }
+*/
 
 static int
 get24(uchar *p)
@@ -2272,6 +2291,7 @@ newints(int len)
 	return ans;
 }
 
+/*
 static Ints*
 makeints(int* buf, int len)
 {
@@ -2282,6 +2302,7 @@ makeints(int* buf, int len)
 		memmove(ans->data, buf, len*sizeof(int));
 	return ans;
 }
+*/
 
 static void
 freeints(Ints* b)