Hold certificates in an SSL_SESSION as CRYPTO_BUFFERs as well.
This change adds a STACK_OF(CRYPTO_BUFFER) to an SSL_SESSION which
contains the raw form of the received certificates. The X509-based
members still exist, but their |enc| buffer will alias the
CRYPTO_BUFFERs.
(This is a second attempt at
https://boringssl-review.googlesource.com/#/c/12163/.)
BUG=chromium:671420
Change-Id: I508a8a46cab89a5a3fcc0c1224185d63e3d59cb8
Reviewed-on: https://boringssl-review.googlesource.com/12705
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 041895c..3d88017 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -3690,6 +3690,11 @@
uint8_t sid_ctx[SSL_MAX_SID_CTX_LENGTH];
char *psk_identity;
+
+ /* certs contains the certificate chain from the peer, starting with the leaf
+ * certificate. */
+ STACK_OF(CRYPTO_BUFFER) *certs;
+
/* x509_peer is the peer's certificate. */
X509 *x509_peer;
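Review bot: The comment on the new |certs| field in ssl.h does not mention its relationship to |x509_peer| just below it, although the commit message says the X509-based members' |enc| buffers will alias these CRYPTO_BUFFERs. Suggest documenting that aliasing in the field comment, including which representation is authoritative and that the two must be kept in sync when a session is modified or freed, so a later change does not release or replace |certs| while an X509 still points into it. The comment should also say whether |certs| may be NULL or empty when the peer sent no certificate, since "starting with the leaf certificate" reads as if at least one entry is always present.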