Add DTLS_with_buffers_method. WebRTC will need this (probably among other things) to lose crypto/x509 at some point. Bug: chromium:706445 Change-Id: I988e7300c4d913986b6ebbd1fa4130548dde76a4 Reviewed-on: https://boringssl-review.googlesource.com/18904 Reviewed-by: David Benjamin <davidben@google.com>
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index a5ac325..0eb2cc5 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -192,6 +192,10 @@
 * crypto/x509. */
 OPENSSL_EXPORT const SSL_METHOD *TLS_with_buffers_method(void);
 
+/* DTLS_with_buffers_method is like |DTLS_method|, but avoids all use of
+ * crypto/x509. */
+OPENSSL_EXPORT const SSL_METHOD *DTLS_with_buffers_method(void);
+
 /* SSL_CTX_new returns a newly-allocated |SSL_CTX| with default settings or NULL
 * on error. */
 OPENSSL_EXPORT SSL_CTX *SSL_CTX_new(const SSL_METHOD *method);
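Review bot: The new comment on `DTLS_with_buffers_method` says only that crypto/x509 is avoided and does not tell a caller what that means for peer authentication. Judging from the no-op `SSL_X509_METHOD` table this method is wired to in ssl/dtls_method.cc, the X509-based certificate and verification entry points are presumably unavailable on such a context. A caller cannot tell from the header whether verification then fails closed or is skipped. I would extend the comment along the lines of `Callers must configure certificates and verify the peer through the |CRYPTO_BUFFER|-based APIs; the |X509|-based ones do not work with this method.` The `TLS_with_buffers_method` comment above, which starts outside the hunk, would benefit from the same sentence.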
diff --git a/ssl/dtls_method.cc b/ssl/dtls_method.cc
index 1508b99..1d089e8 100644
--- a/ssl/dtls_method.cc
+++ b/ssl/dtls_method.cc
@@ -142,6 +142,15 @@
 return &kMethod;
 }
 
+const SSL_METHOD *DTLS_with_buffers_method(void) {
+ static const SSL_METHOD kMethod = {
+ 0,
+ &kDTLSProtocolMethod,
+ &ssl_noop_x509_method,
+ };
+ return &kMethod;
+}
+
 /* Legacy version-locked methods. */
 
 const SSL_METHOD *DTLSv1_2_method(void) {
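Review bot: Nothing in the visible change exercises `DTLS_with_buffers_method`: the four files touched are headers and method tables, so the pairing of `kDTLSProtocolMethod` with `ssl_noop_x509_method` lands untested as far as this page shows. A small handshake test that builds an `SSL_CTX` from this method would confirm that DTLS completes with the no-op X509 table and that peer verification behaves as intended without crypto/x509. As a smaller point, the bare `0` in the initializer is presumably the "not version-locked" value, given the legacy version-locked methods that follow. A trailing comment such as `0, /* version: not locked */` would save the reader a lookup.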
diff --git a/ssl/internal.h b/ssl/internal.h
index 8e70ea7..c8ed13b 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -1554,6 +1554,10 @@
 * crypto/x509. */
 extern const SSL_X509_METHOD ssl_crypto_x509_method;
 
+/* ssl_noop_x509_method provides the |SSL_X509_METHOD| functions that avoid
+ * crypto/x509. */
+extern const SSL_X509_METHOD ssl_noop_x509_method;
+
 struct SSL3_RECORD {
 /* type is the record type. */
 uint8_t type;
diff --git a/ssl/tls_method.cc b/ssl/tls_method.cc
index 89ff9ad..b2c7b46 100644
--- a/ssl/tls_method.cc
+++ b/ssl/tls_method.cc
@@ -155,7 +155,7 @@
 static void ssl_noop_x509_ssl_ctx_free(SSL_CTX *ctx) { }
 static void ssl_noop_x509_ssl_ctx_flush_cached_client_CA(SSL_CTX *ctx) {}
 
-static const SSL_X509_METHOD ssl_noop_x509_method = {
+const SSL_X509_METHOD ssl_noop_x509_method = {
 ssl_noop_x509_check_client_CA_names,
 ssl_noop_x509_clear,
 ssl_noop_x509_free,
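Review bot: Removing `static` gives `ssl_noop_x509_method` external linkage only because the `extern` declaration added to ssl/internal.h is seen before this definition. In C++ a namespace-scope `const` object otherwise defaults to internal linkage, and the reference from ssl/dtls_method.cc would then fail to link. This file presumably already includes internal.h, but the include list is outside the hunk. A short comment on the definition would keep that dependency visible, for example `/* Declared extern in internal.h, which gives this const object external linkage. */`. The initializer continues past the end of the hunk.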