Remove ssl->verify_result.
Having two copies of this is confusing. This field is inherently tied to
the certificate chain, which lives on SSL_SESSION, so this should live
there too. This also wasn't getting reset correctly on SSL_clear, but
this is now resolved.
Change-Id: I22b1734a93320bb0bf0dc31faa74d77a8e1de906
Reviewed-on: https://boringssl-review.googlesource.com/10283
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 10a0423..f1c25ef 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -3669,9 +3669,9 @@
* |peer|, but when a server it does not. */
STACK_OF(X509) *cert_chain;
- /* when app_verify_callback accepts a session where the peer's certificate is
- * not ok, we must remember the error for session reuse: */
- long verify_result; /* only for servers */
+ /* verify_result is the result of certificate verification in the case of
+ * non-fatal certificate errors. */
+ long verify_result;
long timeout;
long time;
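Review bot: The new comment on `verify_result` describes the field only for non-fatal certificate errors, and with the "only for servers" note dropped it no longer says which side sets it or what a successful verification leaves there. The commit message makes this the single copy, so what a caller reads after session reuse comes from this field, and the comment should state that contract, for example `/* verify_result is the X509_V_* result of verifying the peer's chain: X509_V_OK on success, otherwise the non-fatal error that was accepted. It is kept for session reuse. */`. The value a session holds before its chain has been verified is not visible in this hunk and is worth confirming, because a default of X509_V_OK would read as success. The enclosing struct starts and ends outside the hunk.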
@@ -4131,7 +4131,6 @@
SSL_CTX *ctx;
/* extra application data */
- long verify_result;
CRYPTO_EX_DATA ex_data;
/* for server side, keep the list of CA_dn we can use */