Remove the get_peer_groups parameter to tls1_get_grouplist. It's weird and makes things more confusing. Only use it for local preferences as there is a default. Peer preferences can be read directly. Also simplify the logic for requiring a non-empty peer group list for ECDHE. The normal logic will give us this for free. Change-Id: I1916155fe246be988f20cbf0b1728380ec90ff3d Reviewed-on: https://boringssl-review.googlesource.com/11527 Reviewed-by: Adam Langley <agl@google.com>

commit: f04976ba254a909e8f94ffdf2e18ad50a0580560 [log] [tgz]
author: David Benjamin <davidben@google.com> Fri Oct 07 00:37:55 2016 -0400
committer: Adam Langley <agl@google.com> Sun Oct 09 17:19:24 2016 +0000
tree: e8e343f9e8eb410a1a6890a419b8d5bfaaecb65d
parent: 9d0b4bcb9245eeb00139f746f842d78650859337 [diff] [blame]
diff --git a/ssl/internal.h b/ssl/internal.h
index bd8d3df..1efc486 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h

@@ -1509,10 +1509,8 @@
                                 size_t premaster_len);
 
 /* tls1_get_grouplist sets |*out_group_ids| and |*out_group_ids_len| to the
- * list of allowed group IDs. If |get_peer_groups| is non-zero, return the
- * peer's group list. Otherwise, return the preferred list. */
-void tls1_get_grouplist(SSL *ssl, int get_peer_groups,
-                        const uint16_t **out_group_ids,
+ * locally-configured group preference list. */
+void tls1_get_grouplist(SSL *ssl, const uint16_t **out_group_ids,
                         size_t *out_group_ids_len);
 
 /* tls1_check_group_id returns one if |group_id| is consistent with
commit	f04976ba254a909e8f94ffdf2e18ad50a0580560	[log] [tgz]
author	David Benjamin <davidben@google.com>	Fri Oct 07 00:37:55 2016 -0400
committer	Adam Langley <agl@google.com>	Sun Oct 09 17:19:24 2016 +0000
tree	e8e343f9e8eb410a1a6890a419b8d5bfaaecb65d
parent	9d0b4bcb9245eeb00139f746f842d78650859337 [diff] [blame]