Don't use |X509| objects in |CERT|, by default. This change converts the |CERT| struct to holding certificates as binary blobs, rather than in parsed form. The members for holding the parsed form are still there, however, but are only used as a cache for the event that someone asks us for a non-owning pointer to the parsed leaf or chain. Next steps: * Move more functions in to ssl_x509.c * Create an X509_OPS struct of function pointers that will hang off the |SSL_METHOD| to abstract out the current calls to crypto/x509 operations. BUG=chromium:671420 Change-Id: Ifa05d88c49a987fd561b349705c9c48f106ec868 Reviewed-on: https://boringssl-review.googlesource.com/13280 Reviewed-by: Adam Langley <agl@google.com>

commit: 3a2b47ab5be5c75edacb8cdc246dc2dc8fb2c0cd [log] [tgz]
author: Adam Langley <agl@google.com> Tue Jan 24 13:59:42 2017 -0800
committer: Adam Langley <agl@google.com> Fri Jan 27 16:21:05 2017 +0000
tree: a0bd3f5e6a01774b32736f93c9cd5b4fd2153c79
parent: 2fe6e227fbb0d42b65058d74cbfa3b19b0963e1f [diff] [blame]
diff --git a/ssl/handshake_server.c b/ssl/handshake_server.c
index e3889bb..dc39c93 100644
--- a/ssl/handshake_server.c
+++ b/ssl/handshake_server.c

@@ -698,7 +698,7 @@
   uint32_t mask_k = 0;
   uint32_t mask_a = 0;
 
-  if (ssl->cert->x509_leaf != NULL && ssl_has_private_key(ssl)) {
+  if (ssl_has_certificate(ssl)) {
     int type = ssl_private_key_type(ssl);
     if (type == NID_rsaEncryption) {
       mask_k |= SSL_kRSA;
commit	3a2b47ab5be5c75edacb8cdc246dc2dc8fb2c0cd	[log] [tgz]
author	Adam Langley <agl@google.com>	Tue Jan 24 13:59:42 2017 -0800
committer	Adam Langley <agl@google.com>	Fri Jan 27 16:21:05 2017 +0000
tree	a0bd3f5e6a01774b32736f93c9cd5b4fd2153c79
parent	2fe6e227fbb0d42b65058d74cbfa3b19b0963e1f [diff] [blame]