)]}'
{
  "commit": "12a3e7edf6dad774bf3d824dd2cb5405268f087e",
  "tree": "15159971350ae5d7caef4822811ae142b94b35f0",
  "parents": [
    "e4c19175abe1c1a113ee95ad0c8b3fc4239b5ccb"
  ],
  "author": {
    "name": "David Benjamin",
    "email": "davidben@google.com",
    "time": "Tue Apr 13 11:47:36 2021 -0400"
  },
  "committer": {
    "name": "CQ bot account: commit-bot@chromium.org",
    "email": "commit-bot@chromium.org",
    "time": "Tue Apr 13 17:27:36 2021 +0000"
  },
  "message": "Check for invalid ALPN inputs in SSL_(CTX_)set_alpn_protos.\n\nSee also 86a90dc749af91f8a7b8da6628c9ffca2bae3009 from upstream. This\ndiffers from upstream\u0027s which treats {NULL, 2} as a valid way to spell\nthe empty list. (I think this is a mistake and have asked them about\nit.)\n\nUpstream\u0027s CL also, for them, newly makes the empty list disable ALPN,\nwhen previously they\u0027d disable it but misread it as a malloc failure.\nFor us, we\u0027d already fixed the misreading due to our switch to\nbssl::Array and bssl::Span, but the documentation was odd. This CL\npreserves that behavior, but updates the documentation and writes a\ntest.\n\nUpdate-Note: SSL_CTX_set_alpn_protos and SSL_set_alpn_protos will now\nreject invalud inputs. Previously, they would accept them, but silently\nsend an invalid ALPN extension which the server would almost certainly\nerror on.\n\nChange-Id: Id5830b2d8c3a5cee4712878fe92ee350c4914367\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/46804\nCommit-Queue: David Benjamin \u003cdavidben@google.com\u003e\nReviewed-by: Adam Langley \u003cagl@google.com\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "da85b1fd7a273493a9a11e82c02f5ccada653bb8",
      "old_mode": 33188,
      "old_path": "crypto/err/ssl.errordata",
      "new_id": "04c7d53ee65ab73faeab6986f7ca8c51052eb57d",
      "new_mode": 33188,
      "new_path": "crypto/err/ssl.errordata"
    },
    {
      "type": "modify",
      "old_id": "16b64c10be60b4b229d878e301eb421279f4dbef",
      "old_mode": 33188,
      "old_path": "include/openssl/ssl.h",
      "new_id": "8d8e0916222d773b8777198baad9f272bce59789",
      "new_mode": 33188,
      "new_path": "include/openssl/ssl.h"
    },
    {
      "type": "modify",
      "old_id": "7a3979bb94d5ad828c9fcb054960ec301a5f2d48",
      "old_mode": 33188,
      "old_path": "ssl/internal.h",
      "new_id": "e1585c3fb26c9b56b8aed5cf9ebd0e48ceebed2f",
      "new_mode": 33188,
      "new_path": "ssl/internal.h"
    },
    {
      "type": "modify",
      "old_id": "4e820f083679048ea83139e4ffbce9419866aefa",
      "old_mode": 33188,
      "old_path": "ssl/ssl_lib.cc",
      "new_id": "522c09e5287f5672f44b86fcfa43137a9754e980",
      "new_mode": 33188,
      "new_path": "ssl/ssl_lib.cc"
    },
    {
      "type": "modify",
      "old_id": "0c6bf5019163d9b24a258cf7105297c69edc1a2d",
      "old_mode": 33188,
      "old_path": "ssl/ssl_test.cc",
      "new_id": "1f402dbeac99326bd9ef0125f9f1f13262e9e982",
      "new_mode": 33188,
      "new_path": "ssl/ssl_test.cc"
    },
    {
      "type": "modify",
      "old_id": "20517c41364b392184d4847c2362e2d216c86185",
      "old_mode": 33188,
      "old_path": "ssl/t1_lib.cc",
      "new_id": "3a88cd15b00c97f67e372922aee0d656ba9640d3",
      "new_mode": 33188,
      "new_path": "ssl/t1_lib.cc"
    }
  ]
}