Document a few more miscellaneous things.
Change-Id: Ib4829bf9344341e3d4fe90c7cea66e217366fe97
Reviewed-on: https://boringssl-review.googlesource.com/6091
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index dc258ef..aad127b 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -272,6 +272,10 @@
/* SSL_peek behaves like |SSL_read| but does not consume any bytes returned. */
OPENSSL_EXPORT int SSL_peek(SSL *ssl, void *buf, int num);
+/* SSL_pending returns the number of bytes available in |ssl|. It does not read
+ * from the transport. */
+OPENSSL_EXPORT int SSL_pending(const SSL *ssl);
+
/* SSL_write writes up to |num| bytes from |buf| into |ssl|. It implicitly runs
* any pending handshakes, including renegotiations when enabled. On success, it
* returns the number of bytes read. Otherwise, it returns <= 0. The caller
@@ -317,6 +321,24 @@
* it? */
OPENSSL_EXPORT int SSL_shutdown(SSL *ssl);
+/* SSL_CTX_set_quiet_shutdown sets quiet shutdown on |ctx| to |mode|. If
+ * enabled, |SSL_shutdown| will not send a close_notify alert or wait for one
+ * from the peer. It will instead synchronously return one. */
+OPENSSL_EXPORT void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode);
+
+/* SSL_CTX_get_quiet_shutdown returns whether quiet shutdown is enabled for
+ * |ctx|. */
+OPENSSL_EXPORT int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx);
+
+/* SSL_set_quiet_shutdown sets quiet shutdown on |ssl| to |mode|. If enabled,
+ * |SSL_shutdown| will not send a close_notify alert or wait for one from the
+ * peer. It will instead synchronously return one. */
+OPENSSL_EXPORT void SSL_set_quiet_shutdown(SSL *ssl, int mode);
+
+/* SSL_get_quiet_shutdown returns whether quiet shutdown is enabled for
+ * |ssl|. */
+OPENSSL_EXPORT int SSL_get_quiet_shutdown(const SSL *ssl);
+
/* SSL_get_error returns a |SSL_ERROR_*| value for the most recent operation on
* |ssl|. It should be called after an operation failed to determine. */
OPENSSL_EXPORT int SSL_get_error(const SSL *ssl, int ret_code);
@@ -2388,6 +2410,41 @@
OPENSSL_EXPORT void SSL_set_renegotiate_mode(SSL *ssl,
enum ssl_renegotiate_mode_t mode);
+/* SSL_MAX_CERT_LIST_DEFAULT is the default maximum length, in bytes, of a peer
+ * certificate chain. */
+#define SSL_MAX_CERT_LIST_DEFAULT 1024 * 100
+
+/* SSL_CTX_get_max_cert_list returns the maximum length, in bytes, of a peer
+ * certificate chain accepted by |ctx|. */
+OPENSSL_EXPORT size_t SSL_CTX_get_max_cert_list(const SSL_CTX *ctx);
+
+/* SSL_CTX_set_max_cert_list sets the maximum length, in bytes, of a peer
+ * certificate chain to |max_cert_list|. This affects how much memory may be
+ * consumed during the handshake. */
+OPENSSL_EXPORT void SSL_CTX_set_max_cert_list(SSL_CTX *ctx,
+ size_t max_cert_list);
+
+/* SSL_get_max_cert_list returns the maximum length, in bytes, of a peer
+ * certificate chain accepted by |ssl|. */
+OPENSSL_EXPORT size_t SSL_get_max_cert_list(const SSL *ssl);
+
+/* SSL_set_max_cert_list sets the maximum length, in bytes, of a peer
+ * certificate chain to |max_cert_list|. This affects how much memory may be
+ * consumed during the handshake. */
+OPENSSL_EXPORT void SSL_set_max_cert_list(SSL *ssl, size_t max_cert_list);
+
+/* SSL_CTX_set_max_send_fragment sets the maximum length, in bytes, of records
+ * sent by |ctx|. Beyond this length, handshake messages and application data
+ * will be split into multiple records. */
+OPENSSL_EXPORT void SSL_CTX_set_max_send_fragment(SSL_CTX *ctx,
+ size_t max_send_fragment);
+
+/* SSL_set_max_send_fragment sets the maximum length, in bytes, of records
+ * sent by |ssl|. Beyond this length, handshake messages and application data
+ * will be split into multiple records. */
+OPENSSL_EXPORT void SSL_set_max_send_fragment(SSL *ssl,
+ size_t max_send_fragment);
+
/* Underdocumented functions.
*
@@ -2467,8 +2524,6 @@
struct ssl_aead_ctx_st;
typedef struct ssl_aead_ctx_st SSL_AEAD_CTX;
-#define SSL_MAX_CERT_LIST_DEFAULT 1024 * 100 /* 100k max cert list */
-
/* ssl_early_callback_ctx is passed to certain callbacks that are called very
* early on during the server handshake. At this point, much of the SSL* hasn't
* been filled out and only the ClientHello can be depended on. */
@@ -2659,7 +2714,6 @@
OPENSSL_EXPORT int SSL_get_fd(const SSL *s);
OPENSSL_EXPORT int SSL_get_rfd(const SSL *s);
OPENSSL_EXPORT int SSL_get_wfd(const SSL *s);
-OPENSSL_EXPORT int SSL_pending(const SSL *s);
OPENSSL_EXPORT int SSL_set_fd(SSL *s, int fd);
OPENSSL_EXPORT int SSL_set_rfd(SSL *s, int fd);
OPENSSL_EXPORT int SSL_set_wfd(SSL *s, int fd);
@@ -2679,10 +2733,6 @@
OPENSSL_EXPORT const char *SSL_alert_desc_string_long(int value);
OPENSSL_EXPORT const char *SSL_alert_desc_string(int value);
-OPENSSL_EXPORT void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode);
-OPENSSL_EXPORT int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx);
-OPENSSL_EXPORT void SSL_set_quiet_shutdown(SSL *ssl, int mode);
-OPENSSL_EXPORT int SSL_get_quiet_shutdown(const SSL *ssl);
OPENSSL_EXPORT void SSL_set_shutdown(SSL *ssl, int mode);
OPENSSL_EXPORT int SSL_get_shutdown(const SSL *ssl);
OPENSSL_EXPORT SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl);
@@ -2694,37 +2744,6 @@
int type, int val);
OPENSSL_EXPORT int SSL_state(const SSL *ssl);
-/* SSL_CTX_get_max_cert_list returns the maximum length, in bytes, of a peer
- * certificate chain accepted by |ctx|. */
-OPENSSL_EXPORT size_t SSL_CTX_get_max_cert_list(const SSL_CTX *ctx);
-
-/* SSL_CTX_set_max_cert_list sets the maximum length, in bytes, of a peer
- * certificate chain to |max_cert_list|. This affects how much memory may be
- * consumed during the handshake. */
-OPENSSL_EXPORT void SSL_CTX_set_max_cert_list(SSL_CTX *ctx,
- size_t max_cert_list);
-
-/* SSL_get_max_cert_list returns the maximum length, in bytes, of a peer
- * certificate chain accepted by |ssl|. */
-OPENSSL_EXPORT size_t SSL_get_max_cert_list(const SSL *ssl);
-
-/* SSL_set_max_cert_list sets the maximum length, in bytes, of a peer
- * certificate chain to |max_cert_list|. This affects how much memory may be
- * consumed during the handshake. */
-OPENSSL_EXPORT void SSL_set_max_cert_list(SSL *ssl, size_t max_cert_list);
-
-/* SSL_CTX_set_max_send_fragment sets the maximum length, in bytes, of records
- * sent by |ctx|. Beyond this length, handshake messages and application data
- * will be split into multiple records. */
-OPENSSL_EXPORT void SSL_CTX_set_max_send_fragment(SSL_CTX *ctx,
- size_t max_send_fragment);
-
-/* SSL_set_max_send_fragment sets the maximum length, in bytes, of records
- * sent by |ssl|. Beyond this length, handshake messages and application data
- * will be split into multiple records. */
-OPENSSL_EXPORT void SSL_set_max_send_fragment(SSL *ssl,
- size_t max_send_fragment);
-
/* SSL_CTX_set_dos_protection_cb sets a callback that is called once the
* resumption decision for a ClientHello has been made. It can return 1 to
* allow the handshake to continue or zero to cause the handshake to abort. */
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 355195e..97d917c 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1238,9 +1238,11 @@
void SSL_set_read_ahead(SSL *s, int yes) { }
-int SSL_pending(const SSL *s) {
- return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length
- : 0;
+int SSL_pending(const SSL *ssl) {
+ if (ssl->s3->rrec.type != SSL3_RT_APPLICATION_DATA) {
+ return 0;
+ }
+ return ssl->s3->rrec.length;
}
/* Fix this so it checks all the valid key/cert options */
@@ -2096,15 +2098,15 @@
return ctx->quiet_shutdown;
}
-void SSL_set_quiet_shutdown(SSL *s, int mode) { s->quiet_shutdown = mode; }
+void SSL_set_quiet_shutdown(SSL *ssl, int mode) { ssl->quiet_shutdown = mode; }
-int SSL_get_quiet_shutdown(const SSL *s) { return s->quiet_shutdown; }
+int SSL_get_quiet_shutdown(const SSL *ssl) { return ssl->quiet_shutdown; }
-void SSL_set_shutdown(SSL *s, int mode) { s->shutdown = mode; }
+void SSL_set_shutdown(SSL *ssl, int mode) { ssl->shutdown = mode; }
-int SSL_get_shutdown(const SSL *s) { return s->shutdown; }
+int SSL_get_shutdown(const SSL *ssl) { return ssl->shutdown; }
-int SSL_version(const SSL *s) { return s->version; }
+int SSL_version(const SSL *ssl) { return ssl->version; }
SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl) { return ssl->ctx; }
