Google Git
Sign in
boringssl/boringssl.git/93d9743def881bdf106e6496d917aeeae686b094^!/.
commit
93d9743def881bdf106e6496d917aeeae686b094
[log]
author
David Benjamin <davidben@google.com>
Mon Aug 08 21:22:47 2016 -0400
committer
Adam Langley <agl@google.com>
Fri Aug 19 16:24:09 2016 +0000
tree
5364dbc2577d69ab6dd46d08b2762bed051e4cc8
parent
46662482b898da0fee9ac49dea0b532eb60d84ef [diff]
Deprecate and no-op SSL_set_verify_result.

As documented by OpenSSL, it does not interact with session resumption
correctly:
https://www.openssl.org/docs/manmaster/ssl/SSL_set_verify_result.html

Sadly, netty-tcnative calls it, but we should be able to get them to
take it out because it doesn't do anything. Two of the three calls are
immediately after SSL_new. In OpenSSL and BoringSSL as of the previous
commit, this does nothing.

The final call is in verify_callback (see SSL_set_verify). This callback
is called in X509_verify_cert by way of X509_STORE_CTX_set_verify_cb.
As soon as X509_verify_cert returns, ssl->verify_result is clobbered
anyway, so it doesn't do anything.

Within OpenSSL, it's used in testdane.c. As far as I can tell, it does
not actually do a handshake and just uses this function to fake having
done one. (Regardless, we don't need to build against that.)

This is done in preparation for removing ssl->verify_result in favor of
session->verify_result.

Change-Id: I7e32d7f26c44f70136c72e58be05a3a43e62582b
Reviewed-on: https://boringssl-review.googlesource.com/10485
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>

diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index ee0adee..10a0423 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h

@@ -2163,9 +2163,6 @@
  * either |X509_V_OK| or a |X509_V_ERR_*| value. */
 OPENSSL_EXPORT long SSL_get_verify_result(const SSL *ssl);
 
-/* SSL_set_verify_result overrides the result of certificate verification. */
-OPENSSL_EXPORT void SSL_set_verify_result(SSL *ssl, long result);
-
 /* SSL_get_ex_data_X509_STORE_CTX_idx returns the ex_data index used to look up
  * the |SSL| associated with an |X509_STORE_CTX| in the verify callback. */
 OPENSSL_EXPORT int SSL_get_ex_data_X509_STORE_CTX_idx(void);
@@ -3593,6 +3590,12 @@
                                                     const int *digest_nids,
                                                     size_t num_digests);
 
+/* SSL_set_verify_result calls |abort| unless |result| is |X509_V_OK|.
+ *
+ * TODO(davidben): Remove this function once it has been removed from
+ * netty-tcnative. */
+OPENSSL_EXPORT void SSL_set_verify_result(SSL *ssl, long result);
+
 
 /* Private structures.
  *

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 224cae8..da66263 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c

@@ -141,6 +141,7 @@
 #include <openssl/ssl.h>
 
 #include <assert.h>
+#include <stdlib.h>
 #include <string.h>
 
 #include <openssl/bytestring.h>
@@ -2310,7 +2311,9 @@
 }
 
 void SSL_set_verify_result(SSL *ssl, long result) {
-  ssl->verify_result = result;
+  if (result != X509_V_OK) {
+    abort();
+  }
 }
 
 long SSL_get_verify_result(const SSL *ssl) { return ssl->verify_result; }