Add a SSL_get_pending_cipher API.

Conscrypt needs to, in the certificate verification callback, know the key exchange + auth method of the current cipher suite to pass into X509TrustManager.checkServerTrusted. Currently it reaches into the struct to get it. Add an API for this.

Change-Id: Ib4e0a1fbf1d9ea24e0114f760b7524e1f7bafe33
Reviewed-on: https://boringssl-review.googlesource.com/6881
Reviewed-by: David Benjamin <davidben@google.com>
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 483e386..5946fc2 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c
@@ -2572,6 +2572,13 @@ return max_out; } +const SSL_CIPHER *SSL_get_pending_cipher(const SSL *ssl) { + if (!SSL_in_init(ssl)) { + return NULL; + } + return ssl->s3->tmp.new_cipher; +} + int SSL_clear(SSL *ssl) { if (ssl->method == NULL) { OPENSSL_PUT_ERROR(SSL, SSL_R_NO_METHOD_SPECIFIED);
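Review bot: SSL_get_pending_cipher in ssl/ssl_lib.c has no comment stating its NULL contract, and the lines shown include no header declaration where that contract would be documented. The function returns NULL when `!SSL_in_init(ssl)` and otherwise returns `ssl->s3->tmp.new_cipher` unchecked, so a caller cannot tell "no handshake in progress" from "handshake in progress but no cipher recorded yet" if that field is still unset. Since the stated consumer is a certificate verification callback that passes the key exchange and auth method into a trust decision, please document that the result may be NULL in both cases, that callers must treat NULL as a failure rather than fall back to a default, and that the returned pointer is only meaningful for the duration of the handshake. A test that calls the function outside and inside a handshake would pin that behaviour down.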