Merge "Generate (EC)DSA nonces with truncate/test/reject."
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 4a50d71..16d5225 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3195,8 +3195,8 @@
return (int)s->cert->ctype_num;
}
if (pctype)
- *pctype = (unsigned char *)s->s3->tmp.ctype;
- return s->s3->tmp.ctype_num;
+ *pctype = s->s3->tmp.ctype;
+ return (int)s->s3->tmp.ctype_num;
}
case SSL_CTRL_SET_CLIENT_CERT_TYPES:
diff --git a/ssl/ssl.h b/ssl/ssl.h
index c35c7f5..bff4f6a 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -2411,6 +2411,7 @@
int SSL_add_client_CA(SSL *ssl,X509 *x);
int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x);
+/* Deprecated. Use SSL_get0_certificate_types instead. */
void SSL_get_client_certificate_types(const SSL *s, const unsigned char **ctype,
size_t *ctype_num);
diff --git a/ssl/ssl3.h b/ssl/ssl3.h
index 1d3be7b..af1ecf2 100644
--- a/ssl/ssl3.h
+++ b/ssl/ssl3.h
@@ -524,7 +524,7 @@
/* used for certificate requests */
int cert_req;
- int ctype_num;
+ size_t ctype_num;
unsigned char ctype[SSL3_CT_NUMBER];
STACK_OF(X509_NAME) *ca_names;
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 095235e..1bad680 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -1020,16 +1020,9 @@
void SSL_get_client_certificate_types(const SSL *s, const unsigned char **ctype,
size_t *ctype_num)
{
- if (s->s3 == NULL)
- {
- *ctype = NULL;
- *ctype_num = 0;
- return;
- }
-
- /* This always returns nothing for the server. */
- *ctype = s->s3->tmp.ctype;
- *ctype_num = s->s3->tmp.ctype_num;
+ /* TODO(fork): Remove this function once Chromium is updated
+ * to use the new one. */
+ *ctype_num = SSL_get0_certificate_types((SSL*)s, ctype);
}
static int xname_cmp(const X509_NAME **a, const X509_NAME **b)