Deprecate SSL_get_client_certificate_types.
OpenSSL added SSL_get0_certificate_types and fixed the truncation (and
subsequent parse error) by adding an alternate copy of the data.
http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=9f27b1eec3175305e62eed87faa80e231f319ca0
Make SSL_get_client_certificate_types call SSL_get0_certificate_types to query
the new list. Remove when Chromium is switched over.
Also remove a now-unnecessary cast because SSL_get_client_certificate_types
fixed the type of tmp.ctype. Further fix it to use a size_t and match the
cert_st copy OpenSSL added.
BUG=388000
Change-Id: Ic6653e10e5a3c3ac6b3fe2a2322f388d6ffb0a06
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 92b3680..1d934c2 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3195,8 +3195,8 @@
return (int)s->cert->ctype_num;
}
if (pctype)
- *pctype = (unsigned char *)s->s3->tmp.ctype;
- return s->s3->tmp.ctype_num;
+ *pctype = s->s3->tmp.ctype;
+ return (int)s->s3->tmp.ctype_num;
}
case SSL_CTRL_SET_CLIENT_CERT_TYPES:
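Review bot: The `(int)` cast on `s->s3->tmp.ctype_num` is only lossless while the count stays within the `ctype[SSL3_CT_NUMBER]` array declared in ssl3.h, and nothing in this hunk or the ssl3.h one states that bound now that the field is a `size_t`. I would document it on the field, e.g. `size_t ctype_num; /* entries used in ctype, never more than SSL3_CT_NUMBER */`. It is also worth checking that the code which fills the field (not part of this diff) still enforces the limit correctly with an unsigned count. The enclosing switch case starts above the hunk and the function continues below it.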
diff --git a/ssl/ssl.h b/ssl/ssl.h
index fdb2808..701c283 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -2416,6 +2416,7 @@
int SSL_add_client_CA(SSL *ssl,X509 *x);
int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x);
+/* Deprecated. Use SSL_get0_certificate_types instead. */
void SSL_get_client_certificate_types(const SSL *s, const unsigned char **ctype,
size_t *ctype_num);
diff --git a/ssl/ssl3.h b/ssl/ssl3.h
index 1d3be7b..af1ecf2 100644
--- a/ssl/ssl3.h
+++ b/ssl/ssl3.h
@@ -524,7 +524,7 @@
/* used for certificate requests */
int cert_req;
- int ctype_num;
+ size_t ctype_num;
unsigned char ctype[SSL3_CT_NUMBER];
STACK_OF(X509_NAME) *ca_names;
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 095235e..1bad680 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -1020,16 +1020,9 @@
void SSL_get_client_certificate_types(const SSL *s, const unsigned char **ctype,
size_t *ctype_num)
{
- if (s->s3 == NULL)
- {
- *ctype = NULL;
- *ctype_num = 0;
- return;
- }
-
- /* This always returns nothing for the server. */
- *ctype = s->s3->tmp.ctype;
- *ctype_num = s->s3->tmp.ctype_num;
+ /* TODO(fork): Remove this function once Chromium is updated
+ * to use the new one. */
+ *ctype_num = SSL_get0_certificate_types((SSL*)s, ctype);
}
static int xname_cmp(const X509_NAME **a, const X509_NAME **b)
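Review bot: The rewritten SSL_get_client_certificate_types no longer guarantees that `*ctype` is written. The old body set `*ctype = NULL` and `*ctype_num = 0` on its early-out path, whereas the ctrl handler in s3_lib.c stores through `pctype` only on the paths visible there, so any earlier return in that handler (outside the hunk) would leave the caller's pointer untouched. The handler's result is also signed (it returns `(int)...`) and is assigned straight into a `size_t`, so a negative return would become a very large count next to a stale pointer, and a caller iterating over it would read out of bounds. I would initialise and clamp: `*ctype = NULL;` before the call, store the result in a signed local `n`, then `*ctype_num = n > 0 ? (size_t)n : 0;`. The removed `s->s3 == NULL` guard deserves a check as well, since the handler dereferences `s->s3` directly.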