Add initial, experimental support for split handshakes. Split handshakes allow the handshaking of a TLS connection to be performed remotely. This encompasses not just the private-key and ticket operations – support for that was already available – but also things such as selecting the certificates and cipher suites. See the comment block in ssl.h for details. This is highly experimental and will change significantly before it's settled. Change-Id: I337bdfa4c3262169e9b79dd4e70b57f0d380fcad Reviewed-on: https://boringssl-review.googlesource.com/25387 Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: Adam Langley <agl@google.com>
diff --git a/ssl/ssl_lib.cc b/ssl/ssl_lib.cc
index d05e613..2fd3beb 100644
--- a/ssl/ssl_lib.cc
+++ b/ssl/ssl_lib.cc
@@ -465,6 +465,10 @@
 #endif
 }
+void SSL_CTX_set_handoff_mode(SSL_CTX *ctx, bool on) {
+ ctx->handoff = on;
+}
+
 } // namespace bssl
 using namespace bssl;
@@ -736,6 +740,7 @@
 ssl->signed_cert_timestamps_enabled = ctx->signed_cert_timestamps_enabled;
 ssl->ocsp_stapling_enabled = ctx->ocsp_stapling_enabled;
+ ssl->handoff = ctx->handoff;
 return ssl;
@@ -1269,6 +1274,9 @@
 case SSL_CERTIFICATE_SELECTION_PENDING:
 return SSL_ERROR_PENDING_CERTIFICATE;
+ case SSL_HANDOFF:
+ return SSL_ERROR_HANDOFF;
+
 case SSL_READING: {
 BIO *bio = SSL_get_rbio(ssl);
 if (BIO_should_read(bio)) {
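Review bot: `SSL_CTX_set_handoff_mode` is a new public setter with no comment at its definition, and the second hunk shows `ctx->handoff` being copied into `ssl->handoff` when the `SSL` is created, so flipping the context flag afterwards does not change connections that already exist. A one-line comment above the function would make that lifetime explicit at the point where the store happens: `// Snapshotted into each SSL at creation; later changes do not affect existing SSL objects.` The ssl.h comment block the commit message refers to is outside this diff, so I cannot confirm whether it already states this.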
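Review bot: The new `case SSL_HANDOFF:` in the `SSL_get_error` switch maps to `SSL_ERROR_HANDOFF`, which sits next to the I/O-driven cases (`SSL_READING` follows it) yet appears not to be a condition that repeating the same `SSL_do_handshake`/read/write call can clear; a caller that treats it like an `SSL_ERROR_WANT_*` code and simply retries would presumably spin. A short comment at the case, `// Not a transient I/O condition; see SSL_ERROR_HANDOFF in ssl.h.`, would make that distinction visible where the mapping is made. Whether any other switch on `ssl->rwstate` elsewhere in the file also needs the new value is not visible from this hunk; the enclosing function continues outside it.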