Google Git
Sign in
boringssl / boringssl / 52d699f668d6a6d697dfc81a8b5d43e197b98170^! / .
commit52d699f668d6a6d697dfc81a8b5d43e197b98170[log] [tgz]
authorDavid Benjamin <davidben@chromium.org>Tue Nov 25 01:35:18 2014 -0500
committerAdam Langley <agl@google.com>Mon Dec 01 21:20:56 2014 +0000
treead3266a284226bb0c9d797e15b944090d3df393a
parent192f34b17599343c99c4d0b9e22fb61a31b21ad2 [diff]
Make OCSP response and SCT list getter const-correct.

The data is owned by the SSL_SESSION, so the caller should not modify it. This
will require changes in Chromium, but they should be trivial.

Change-Id: I314718530c7d810f7c7b8852339b782b4c2dace1
Reviewed-on: https://boringssl-review.googlesource.com/2409
Reviewed-by: Adam Langley <agl@google.com>

diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index a833e63..f3afd1b 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h

@@ -1068,14 +1068,16 @@
  * If no SCT was received then |*out_len| will be zero on return.
  *
  * WARNING: the returned data is not guaranteed to be well formed. */
-OPENSSL_EXPORT void SSL_get0_signed_cert_timestamp_list(const SSL *ssl, uint8_t **out, size_t *out_len);
+OPENSSL_EXPORT void SSL_get0_signed_cert_timestamp_list(const SSL *ssl,
+	const uint8_t **out, size_t *out_len);
 
 /* SSL_get0_ocsp_response sets |*out| and |*out_len| to point to |*out_len|
  * bytes of an OCSP response from the server. This is the DER encoding of an
  * OCSPResponse type as defined in RFC 2560.
  *
  * WARNING: the returned data is not guaranteed to be well formed. */
-OPENSSL_EXPORT void SSL_get0_ocsp_response(const SSL *ssl, uint8_t **out, size_t *out_len);
+OPENSSL_EXPORT void SSL_get0_ocsp_response(const SSL *ssl,
+	const uint8_t **out, size_t *out_len);
 
 OPENSSL_EXPORT void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s,
 					   int (*cb) (SSL *ssl,

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 5fb13da..6b48a0c 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c

@@ -1612,7 +1612,7 @@
 	return 1;
 	}
 
-void SSL_get0_signed_cert_timestamp_list(const SSL *ssl, uint8_t **out, size_t *out_len)
+void SSL_get0_signed_cert_timestamp_list(const SSL *ssl, const uint8_t **out, size_t *out_len)
 	{
 	SSL_SESSION *session = ssl->session;
 
@@ -1626,7 +1626,7 @@
 	*out_len = session->tlsext_signed_cert_timestamp_list_length;
 	}
 
-void SSL_get0_ocsp_response(const SSL *ssl, uint8_t **out, size_t *out_len)
+void SSL_get0_ocsp_response(const SSL *ssl, const uint8_t **out, size_t *out_len)
 	{
 	SSL_SESSION *session = ssl->session;