commit 57e81e666a4f2c94aa54a0dc58a1e724532eb347
author Alessandro Ghedini <alessandro@ghedini.me> Tue Mar 14 23:36:00 2017 +0000
committer CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Wed Mar 22 01:27:00 2017 +0000
tree d8d595128bd30a75d95ccf9f5d44704ca930d3f8
parent cedc6f1824ddc116872f762f28df3146889209be

Name |select_certificate_cb| return values

The |select_certificate_cb| return values are somewhat confusing due
to the fact that they don't match the |cert_cb| ones, despite the
similarities between the two callbacks (they both have "certificate" in
the name! well, sort of).

This also documents the error return value (-1) which was previously
undocumented, and it expands the |SSL_CTX_set_select_certificate_cb|
documentation regarding retrial (by shamelessly copying from
|SSL_CTX_set_ticket_aead_method|).

Also updates other scattered documentation that was missed by previous
changes.

Change-Id: Ib962b31d08e6475e09954cbc3c939988b0ba13f7
Reviewed-on: https://boringssl-review.googlesource.com/14245
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>

ssl/ssl_test.cc

diff --git a/ssl/ssl_test.cc b/ssl/ssl_test.cc
index 411ddb7..6678b57 100644
--- a/ssl/ssl_test.cc
+++ b/ssl/ssl_test.cc
@@ -2144,17 +2144,6 @@
   return SSL_TLSEXT_ERR_OK;
 }
 
-static int SwitchSessionIDContextEarly(const SSL_CLIENT_HELLO *client_hello) {
-  static const uint8_t kContext[] = {3};
-
-  if (!SSL_set_session_id_context(client_hello->ssl, kContext,
-                                  sizeof(kContext))) {
-    return -1;
-  }
-
-  return 1;
-}
-
 static bool TestSessionIDContext(bool is_dtls, const SSL_METHOD *method,
                                  uint16_t version) {
   bssl::UniquePtr<X509> cert = GetTestCertificate();
@@ -2226,8 +2215,18 @@
 
   // Switch the session ID context with the early callback instead.
   SSL_CTX_set_tlsext_servername_callback(server_ctx.get(), nullptr);
-  SSL_CTX_set_select_certificate_cb(server_ctx.get(),
-                                    SwitchSessionIDContextEarly);
+  SSL_CTX_set_select_certificate_cb(
+      server_ctx.get(),
+      [](const SSL_CLIENT_HELLO *client_hello) -> ssl_select_cert_result_t {
+        static const uint8_t kContext[] = {3};
+
+        if (!SSL_set_session_id_context(client_hello->ssl, kContext,
+                                        sizeof(kContext))) {
+          return ssl_select_cert_error;
+        }
+
+        return ssl_select_cert_success;
+      });
 
   if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
                            false /* expect session not reused */)) {
@@ -2614,12 +2613,13 @@
   ASSERT_TRUE(SSL_CTX_set_max_proto_version(server_ctx.get(), TLS1_3_VERSION));
 
   SSL_CTX_set_select_certificate_cb(
-      server_ctx.get(), [](const SSL_CLIENT_HELLO *client_hello) -> int {
+      server_ctx.get(),
+      [](const SSL_CLIENT_HELLO *client_hello) -> ssl_select_cert_result_t {
         if (!SSL_set_max_proto_version(client_hello->ssl, TLS1_2_VERSION)) {
-          return -1;
+          return ssl_select_cert_error;
         }
 
-        return 1;
+        return ssl_select_cert_success;
       });
 
   bssl::UniquePtr<SSL> client, server;