Convert the Channel ID extension to the new system.
This also removes support for the “old” Channel ID extension.
Change-Id: I1168efb9365c274db6b9d7e32013336e4404ff54
Reviewed-on: https://boringssl-review.googlesource.com/5462
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 1338b4e..ebede0b 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -1351,10 +1351,6 @@
/* If true, a client will advertise the Channel ID extension and a server
* will echo it. */
char tlsext_channel_id_enabled;
- /* tlsext_channel_id_enabled_new is a hack to support both old and new
- * ChannelID signatures. It indicates that a client should advertise the new
- * ChannelID extension number. */
- char tlsext_channel_id_enabled_new;
/* The client's Channel ID private key. */
EVP_PKEY *tlsext_channel_id_private;
diff --git a/include/openssl/ssl3.h b/include/openssl/ssl3.h
index b928050..541b039 100644
--- a/include/openssl/ssl3.h
+++ b/include/openssl/ssl3.h
@@ -548,11 +548,6 @@
* Channel IDs and that tlsext_channel_id will be valid after the
* handshake. */
char tlsext_channel_id_valid;
- /* tlsext_channel_id_new means that the updated Channel ID extension was
- * negotiated. This is a temporary hack in the code to support both forms of
- * Channel ID extension while we transition to the new format, which fixed a
- * security issue. */
- char tlsext_channel_id_new;
/* For a server:
* If |tlsext_channel_id_valid| is true, then this contains the
* verified Channel ID from the client: a P256 point, (x,y), where
diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
index ad8c130..b3be3e1 100644
--- a/include/openssl/tls1.h
+++ b/include/openssl/tls1.h
@@ -239,8 +239,7 @@
#define TLSEXT_TYPE_next_proto_neg 13172
/* This is not an IANA defined extension number */
-#define TLSEXT_TYPE_channel_id 30031
-#define TLSEXT_TYPE_channel_id_new 30032
+#define TLSEXT_TYPE_channel_id 30032
/* NameType value from RFC 3546 */
#define TLSEXT_NAMETYPE_host_name 0
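Review bot: `TLSEXT_TYPE_channel_id` keeps its name but now expands to 30032, and nothing at the define records that 30031 was the earlier, now unsupported code point. The comment this commit deletes from ssl3.h says the updated format fixed a security issue, so that context disappears from the tree unless it is kept here. I would extend the comment above the define to something like `/* This is not an IANA defined extension number. 30031 was the original Channel ID extension, removed because the updated format fixed a security issue; do not reuse it. */`. Because tls1.h is a public header, out-of-tree code that used the old name to mean 30031 will presumably start matching the new extension after a rebuild; that looks intended, but it is worth stating in the commit description.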