Tweaks for node.js
node.js is, effectively, another bindings library. However, it's better
written than most and, with these changes, only a couple of tiny fixes
are needed in node.js. Some of these changes are a little depressing,
however, so we'll need to push node.js to use APIs where possible.
Changes:
∙ Support verify_recover. This is very obscure and the motivation
appears to be https://github.com/nodejs/node/issues/477 – where it's
not clear that anyone understands what it means :(
∙ Add a few, no-op #defines
∙ Add some members to |SSL_CTX| and |SSL| – node.js needs to not
reach into these structs in the future.
∙ Add EC_get_builtin_curves.
∙ Add EVP_[CIPHER|MD]_do_all_sorted – these functions are limited to
decrepit.
Change-Id: I9a3566054260d6c4db9d430beb7c46cc970a9d46
Reviewed-on: https://boringssl-review.googlesource.com/6952
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 5946fc2..fe3c173 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1180,7 +1180,7 @@
ssl->max_cert_list = (uint32_t)max_cert_list;
}
-void SSL_CTX_set_max_send_fragment(SSL_CTX *ctx, size_t max_send_fragment) {
+int SSL_CTX_set_max_send_fragment(SSL_CTX *ctx, size_t max_send_fragment) {
if (max_send_fragment < 512) {
max_send_fragment = 512;
}
@@ -1188,9 +1188,11 @@
max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
}
ctx->max_send_fragment = (uint16_t)max_send_fragment;
+
+ return 1;
}
-void SSL_set_max_send_fragment(SSL *ssl, size_t max_send_fragment) {
+int SSL_set_max_send_fragment(SSL *ssl, size_t max_send_fragment) {
if (max_send_fragment < 512) {
max_send_fragment = 512;
}
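Review bot: The `return 1;` added at the end of SSL_CTX_set_max_send_fragment is unconditional, so a caller that passes a size below 512 or above SSL3_RT_MAX_PLAIN_LENGTH is told the call succeeded even though a different, clamped value was stored. As far as I recall, OpenSSL's equivalent control returns 0 for out-of-range input, so code ported from OpenSSL that checks the result will not notice the adjustment. If the int return exists only for source compatibility, the declaration should say so, for example `/* Always returns one. Out-of-range values are clamped to [512, SSL3_RT_MAX_PLAIN_LENGTH], not rejected. */`. The same applies to SSL_set_max_send_fragment, whose `return 1;` is in the following hunk; both function bodies span more than one hunk.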
@@ -1198,6 +1200,8 @@
max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
}
ssl->max_send_fragment = (uint16_t)max_send_fragment;
+
+ return 1;
}
int SSL_set_mtu(SSL *ssl, unsigned mtu) {
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 68c380a..346746a 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1144,6 +1144,7 @@
static void ext_ocsp_init(SSL *ssl) {
ssl->s3->tmp.certificate_status_expected = 0;
+ ssl->tlsext_status_type = -1;
}
static int ext_ocsp_add_clienthello(SSL *ssl, CBB *out) {
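Review bot: The `-1` stored in `ssl->tlsext_status_type` by ext_ocsp_init is a bare sentinel, and nothing in this hunk says what it means or who reads the field. The commit message suggests the member exists so node.js can read it directly from |SSL|, so its meaning is effectively part of the public contract and should be stated where it is set, for example `/* -1: no status_request offered in this handshake. Mirrored for callers that read the field directly. */`. The next hunk sets it to TLSEXT_STATUSTYPE_ocsp only on the path that wrote the extension. Any earlier return in ext_ocsp_add_clienthello lies outside the visible lines, so it is worth confirming that every path leaves the field consistent with what was actually sent.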
@@ -1161,6 +1162,7 @@
return 0;
}
+ ssl->tlsext_status_type = TLSEXT_STATUSTYPE_ocsp;
return 1;
}