Add |SSL_set_retain_only_sha256_of_client_certs|. Previously the option to retain only the SHA-256 hash of client certificates could only be set at the |SSL_CTX| level. This change makes |SSL| objects inherit the setting from the |SSL_CTX|, but allows it to be overridden on a per-|SSL| basis. Change-Id: Id435934af3d425d5f008d2f3b9751d1d0884ee55 Reviewed-on: https://boringssl-review.googlesource.com/12182 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 982cb1a..001928f 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -412,6 +412,8 @@
 assert(ssl->sid_ctx_length <= sizeof ssl->sid_ctx);
 memcpy(&ssl->sid_ctx, &ctx->sid_ctx, sizeof(ssl->sid_ctx));
 ssl->verify_callback = ctx->default_verify_callback;
+ ssl->retain_only_sha256_of_client_certs =
+ ctx->retain_only_sha256_of_client_certs;
 ssl->param = X509_VERIFY_PARAM_new();
 if (!ssl->param) {
@@ -2908,6 +2910,10 @@
 return ssl->s3->tmp.new_cipher;
 }
+void SSL_set_retain_only_sha256_of_client_certs(SSL *ssl, int enabled) {
+ ssl->retain_only_sha256_of_client_certs = !!enabled;
+}
+
 void SSL_CTX_set_retain_only_sha256_of_client_certs(SSL_CTX *ctx, int enabled) {
 ctx->retain_only_sha256_of_client_certs = !!enabled;
 }
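Review bot: SSL_set_retain_only_sha256_of_client_certs is a new public entry point, but the second hunk adds it without a comment and the header declaration it needs (presumably in ssl.h) is not part of this chunk. I would document it as `// SSL_set_retain_only_sha256_of_client_certs sets whether only the SHA-256 hash of the client certificate is retained for |ssl|, overriding the value inherited from the SSL_CTX when |ssl| was created.` The first hunk copies the flag into the SSL object at SSL_new time, so a later call to SSL_CTX_set_retain_only_sha256_of_client_certs no longer reaches connections that already exist; that snapshot semantic is worth stating in the SSL_CTX setter's documentation too, since callers may have relied on the context-level value applying to existing SSL objects. Whether the handshake code now reads ssl->retain_only_sha256_of_client_certs instead of ctx->retain_only_sha256_of_client_certs is not visible here; if it still consults the ctx field, the per-SSL setter is silently a no-op, so that call site should be checked in the same change.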