Remove remaining calls to the old lock functions.
|SSL_CTX| and |X509_STORE| have grown their own locks. Several static
locks have been added to hack around not being able to use a
|CRYPTO_once_t| in public headers. Lastly, support for calling
|SSL_CTX_set_generate_session_id| concurrently with active connections
has been removed. No other property of an |SSL_CTX| works like that.
Change-Id: Iff5fe3ee3fdd6ea9c9daee96f850b107ad8a6bca
Reviewed-on: https://boringssl-review.googlesource.com/4775
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 6d1c29e..d6a1826 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -796,6 +796,9 @@
struct ssl_ctx_st {
const SSL_PROTOCOL_METHOD *method;
+ /* lock is used to protect various operations on this object. */
+ CRYPTO_MUTEX lock;
+
/* max_version is the maximum acceptable protocol version. If zero, the
* maximum supported version, currently (D)TLS 1.2, is used. */
uint16_t max_version;
diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h
index 32ba134..146e047 100644
--- a/include/openssl/x509_vfy.h
+++ b/include/openssl/x509_vfy.h
@@ -184,6 +184,7 @@
/* The following is a cache of trusted certs */
int cache; /* if true, stash any hits */
STACK_OF(X509_OBJECT) *objs; /* Cache of all objects */
+ CRYPTO_MUTEX objs_lock;
/* These are external lookup methods */
STACK_OF(X509_LOOKUP) *get_cert_methods;
