Google Git
Sign in
boringssl / boringssl / 6a8d70c528eee2cd4b6f626c33d11e45a44ca2fa
commit6a8d70c528eee2cd4b6f626c33d11e45a44ca2fa[log] [tgz]
authorDavid Benjamin <davidben@chromium.org>Thu Nov 13 16:02:33 2014 -0500
committerAdam Langley <agl@google.com>Tue Nov 18 22:20:53 2014 +0000
tree19aa6a93a0e71b0d9f010cfa0ff05f53c2a74fe5
parent253b3e76dc8045dc4639164aeda8b966745f20a4 [diff]
Trim tls1_check_chain and CERT_PKEY flags.

Many are now unused. Only two are currently considered in cipher selection:
CERT_PKEY_VALID and CERT_PKEY_SIGN. (As per previous commits, this is either
bizarre due to limited slots or redundant with ssl_early_callback_ctx. We can
probably prune this too.)

This also fixes a bug where DTLS 1.0 went through a TLS 1.2 codepath. As the
DTLS code is currently arranged, all version comparisons must be done via
macros like SSL_USE_SIGALGS. (Probably we should add functions to map from DTLS
to TLS versions and slowly move the library to using the TLS version as
in-memory representation.)

Change-Id: I89bcf5b7b9ea5cdecf54f4445156586377328fe0
Reviewed-on: https://boringssl-review.googlesource.com/2286
Reviewed-by: Adam Langley <agl@google.com>
2 files changed
tree: 19aa6a93a0e71b0d9f010cfa0ff05f53c2a74fe5
  1. crypto/
  2. doc/
  3. include/
  4. ssl/
  5. tool/
  6. util/
  7. .clang-format
  8. .gitignore
  9. BUILDING
  10. CMakeLists.txt