Implement SSL_get_tlsext_status_type
It's used by Node.js[1], and is simple to implement.
[1]: https://github.com/nodejs/node/blob/e2f58c71ddf0f91256cc85e6bb226a068256c5eb/src/node_crypto.cc#L2390
Change-Id: Ie5c76b848623d00f7478aeae0214c25472de523c
Reviewed-on: https://boringssl-review.googlesource.com/c/32525
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/ssl_lib.cc b/ssl/ssl_lib.cc
index 9c16de4..1f64865 100644
--- a/ssl/ssl_lib.cc
+++ b/ssl/ssl_lib.cc
@@ -2751,6 +2751,19 @@
return 1;
}
+int SSL_get_tlsext_status_type(const SSL *ssl) {
+ if (ssl->server) {
+ SSL_HANDSHAKE *hs = ssl->s3->hs.get();
+ return hs != nullptr && hs->ocsp_stapling_requested
+ ? TLSEXT_STATUSTYPE_ocsp
+ : TLSEXT_STATUSTYPE_nothing;
+ }
+
+ return ssl->config != nullptr && ssl->config->ocsp_stapling_enabled
+ ? TLSEXT_STATUSTYPE_ocsp
+ : TLSEXT_STATUSTYPE_nothing;
+}
+
int SSL_set_tlsext_status_ocsp_resp(SSL *ssl, uint8_t *resp, size_t resp_len) {
if (SSL_set_ocsp_response(ssl, resp, resp_len)) {
OPENSSL_free(resp);
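Review bot: SSL_get_tlsext_status_type has no comment saying what its return value means, and its two branches answer different questions. On a server it reports `hs->ocsp_stapling_requested`, and the `hs != nullptr` guard suggests it falls back to TLSEXT_STATUSTYPE_nothing once the handshake object is gone; on a client it reports only the local `ocsp_stapling_enabled` setting, as the `ssl->config` read shows. A caller should therefore not treat TLSEXT_STATUSTYPE_ocsp on a client as evidence that a stapled response was received or checked. I would add above the definition (and on the header declaration, which is not visible here): `// Server: whether the peer requested OCSP stapling; read from handshake state only.` and `// Client: whether stapling is enabled locally; says nothing about the server's response.`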