Fold away certificate slots mechanism.
This allows us to remove the confusing EVP_PKEY argument to the
SSL_PRIVATE_KEY_METHOD wrapper functions. It also simplifies some of the
book-keeping around the CERT structure, as well as the API for
configuring certificates themselves. The current one is a little odd as
some functions automatically route to the slot while others affect the
most recently touched slot. Others still (extra_certs) apply to all
slots, making them not terribly useful.
Consumers with complex needs should use cert_cb or the early callback
(select_certificate_cb) to configure whatever they like based on the
ClientHello.
BUG=486295
Change-Id: Ice29ffeb867fa4959898b70dfc50fc00137f01f3
Reviewed-on: https://boringssl-review.googlesource.com/5351
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 7b9d051..1295d87 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -495,8 +495,7 @@
/* Configuring certificates and private keys.
*
* TODO(davidben): Move the other, more conventional, certificate and key
- * configuration functions here, possibly after simplifying the multiple slots
- * machinery first. https://crbug.com/486295. */
+ * configuration functions here. */
enum ssl_private_key_result_t {
ssl_private_key_success,
@@ -549,11 +548,8 @@
size_t *out_len, size_t max_out);
} SSL_PRIVATE_KEY_METHOD;
-/* SSL_use_private_key_method configures a custom private key on
- * |ssl|. |key_method| must remain valid for the lifetime of |ssl|. Using custom
- * keys with the multiple certificate slots feature is not supported.
- *
- * TODO(davidben): Remove the multiple certificate slots feature. */
+/* SSL_use_private_key_method configures a custom private key on |ssl|.
+ * |key_method| must remain valid for the lifetime of |ssl|. */
OPENSSL_EXPORT void SSL_set_private_key_method(
SSL *ssl, const SSL_PRIVATE_KEY_METHOD *key_method);
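Review bot: the rewritten doc comment still names the function `SSL_use_private_key_method`, but the declaration on the next line is `SSL_set_private_key_method`; since this comment is being touched anyway, fix the name so the documentation matches the exported symbol, e.g. `/* SSL_set_private_key_method configures a custom private key on |ssl|.`. The rest of the shortened comment is fine: with the slots mechanism gone, dropping the "not supported with multiple certificate slots" sentence and the TODO is correct, and the lifetime requirement on |key_method| is preserved.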
@@ -1054,8 +1050,6 @@
CRYPTO_EX_DATA ex_data;
- STACK_OF(X509) *extra_certs;
-
/* Default values used when no per-SSL value is defined follow */
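Review bot: removing `STACK_OF(X509) *extra_certs;` from this struct in the public header include/openssl/ssl.h changes the struct layout, so any consumer that reads the field directly or was built against the old layout must be recompiled; the commit message only says the field "applied to all slots" and was not terribly useful, but it does not say where caller-configured chain certificates are kept now. Please state in the commit message (or a comment near the remaining CERT book-keeping) what replaces this storage, so reviewers can confirm that configured extra chain certificates are still sent and not silently dropped by the refactor.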