Tidy up a few certificate-related utility functions. These will all want to be shared with the TLS 1.3 handshake. Change-Id: I4e50dc0ed2295d43c7ae800015d71c1406311801 Reviewed-on: https://boringssl-review.googlesource.com/8776 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/internal.h b/ssl/internal.h
index 4e1c458..359191d 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -466,7 +466,7 @@
 /* ssl_has_private_key returns one if |ssl| has a private key
 * configured and zero otherwise. */
-int ssl_has_private_key(SSL *ssl);
+int ssl_has_private_key(const SSL *ssl);
 /* ssl_private_key_* call the corresponding function on the
 * |SSL_PRIVATE_KEY_METHOD| for |ssl|, if configured. Otherwise, they implement
@@ -734,10 +734,24 @@
 /* Certificate functions. */
+/* ssl_has_certificate returns one if a certificate and private key are
+ * configured and zero otherwise. */
+int ssl_has_certificate(const SSL *ssl);
+
 /* ssl_add_cert_to_cbb adds |x509| to |cbb|. It returns one on success and zero
 * on error. */
 int ssl_add_cert_to_cbb(CBB *cbb, X509 *x509);
+/* ssl_add_cert_chain adds |ssl|'s certificate chain to |cbb| in the format used
+ * by a TLS Certificate message. If there is no certificate chain, it emits an
+ * empty certificate list. It returns one on success and zero on error. */
+int ssl_add_cert_chain(SSL *ssl, CBB *cbb);
+
+/* ssl_add_client_CA_list adds the configured CA list to |cbb| in the format
+ * used by a TLS CertificateRequest message. It returns one on success and zero
+ * on error. */
+int ssl_add_client_CA_list(SSL *ssl, CBB *cbb);
+
 /* Underdocumented functions.
 *
@@ -1014,7 +1028,6 @@
 int (*cb)(SSL *ssl, void *arg), void *arg);
 int ssl_verify_cert_chain(SSL *ssl, STACK_OF(X509) *cert_chain);
-int ssl_add_cert_chain(SSL *ssl, CBB *cbb);
 void ssl_update_cache(SSL *ssl, int mode);
 /* ssl_get_compatible_server_ciphers determines the key exchange and
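Review bot: The new comment on `ssl_add_cert_chain` in the second hunk says a missing chain yields an empty certificate list and still returns one, so a caller that must present a certificate cannot learn of its absence from the return value. The comment should state the caller's obligation, for example by appending `Callers that require a certificate must check |ssl_has_certificate| first.` before the closing `*/`. An empty list is presumably only acceptable where the protocol permits one, such as a client answering a CertificateRequest, and this matters more once the helper is shared with the TLS 1.3 handshake. Separately, `ssl_has_certificate` takes `const SSL *` while `ssl_add_cert_chain` and `ssl_add_client_CA_list` take `SSL *`; if their implementations, which are not visible in this diff, do not modify `ssl`, const-qualifying them would keep the group consistent.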