Update *_set_cert_cb documentation regarding resumption Since 34202b93b6195e9c55402a6bc2653956d0cd26d8 cert_cb is always called before resumption is checked. Change-Id: I27ca5653144027a1f545a90ecb6b68e64783a66a Reviewed-on: https://boringssl-review.googlesource.com/c/35004 Reviewed-by: David Benjamin <davidben@google.com>
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 70ad930..b28dcf6 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -881,8 +881,9 @@
 // |SSL_get_client_CA_list| for information on the server's certificate
 // request.
 //
-// On the server, the callback will be called on non-resumption handshakes,
-// after extensions have been processed.
+// On the server, the callback will be called after extensions have been
+// processed, but before the resumption decision has been made. This differs
+// from OpenSSL which handles resumption before selecting the certificate.
 OPENSSL_EXPORT void SSL_CTX_set_cert_cb(SSL_CTX *ctx, int (*cb)(SSL *ssl, void *arg), void *arg);
@@ -895,6 +896,10 @@
 // On the client, the callback may call |SSL_get0_certificate_types| and
 // |SSL_get_client_CA_list| for information on the server's certificate
 // request.
+//
+// On the server, the callback will be called after extensions have been
+// processed, but before the resumption decision has been made. This differs
+// from OpenSSL which handles resumption before selecting the certificate.
 OPENSSL_EXPORT void SSL_set_cert_cb(SSL *ssl, int (*cb)(SSL *ssl, void *arg), void *arg);
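Review bot: The new server-side paragraph above |SSL_CTX_set_cert_cb| states when the callback runs but not the consequence for callers: it is now also invoked on handshakes that go on to resume a session, where the certificate it selects is presumably never sent. Code ported from OpenSSL may treat an invocation as evidence of a full handshake and hang per-handshake policy checks, accounting or expensive key lookups on it, so I would add a sentence such as `// As a result, the callback also runs on handshakes that are later resumed; callers must not assume a full handshake.` The same sentence belongs in the identical paragraph added above |SSL_set_cert_cb| in the second hunk. As a small wording point, "differs from OpenSSL which handles" reads better with a comma before "which".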