Unexport the handshake's internal state. Code which manages to constrain itself on this will limit our ability to rework the handshake. I believe, at this point, we only need to expose one bit of information (there's some code that compares SSL_state to SSL_ST_OK), if even that. BUG=177 Change-Id: Ie1c43006737db0b974811f1819755c629ae68e7b Reviewed-on: https://boringssl-review.googlesource.com/13826 CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com>

commit: 9e766d7532412b41b7d87c367c934b20baa85566 [log] [tgz]
author: David Benjamin <davidben@google.com> Fri Feb 10 23:14:17 2017 -0500
committer: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Mon Feb 13 19:44:30 2017 +0000
tree: cee4d3ed819b4896cac2cb2df8050302891cb9c9
parent: 07ab5d44d9f8e73d621940bf64a7cd457641d189 [diff] [blame]
diff --git a/ssl/ssl_session.c b/ssl/ssl_session.c
index b71b994..c30fe6e 100644
--- a/ssl/ssl_session.c
+++ b/ssl/ssl_session.c

@@ -898,7 +898,9 @@
 
 int SSL_set_session(SSL *ssl, SSL_SESSION *session) {
   /* SSL_set_session may only be called before the handshake has started. */
-  if (SSL_state(ssl) != SSL_ST_INIT || ssl->s3->initial_handshake_complete) {
+  if (ssl->s3->initial_handshake_complete ||
+      ssl->s3->hs == NULL ||
+      ssl->s3->hs->state != SSL_ST_INIT) {
     abort();
   }
commit	9e766d7532412b41b7d87c367c934b20baa85566	[log] [tgz]
author	David Benjamin <davidben@google.com>	Fri Feb 10 23:14:17 2017 -0500
committer	CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>	Mon Feb 13 19:44:30 2017 +0000
tree	cee4d3ed819b4896cac2cb2df8050302891cb9c9
parent	07ab5d44d9f8e73d621940bf64a7cd457641d189 [diff] [blame]