Google Git
Sign in
boringssl / boringssl / b31040d0d8bbfa563a39e2321131074816d9d21b
commitb31040d0d8bbfa563a39e2321131074816d9d21b[log] [tgz]
authorDavid Benjamin <davidben@chromium.org>Sun Jun 07 10:53:32 2015 -0400
committerAdam Langley <agl@google.com>Mon Jun 08 22:13:45 2015 +0000
treedaa27ec3ef9985512b241008b96cb00553b7251a
parentc7a3a148721c2b02ed31297bcc2a823949225e67 [diff]
Get rid of CERT_PKEY slots in SESS_CERT.

This doesn't even change behavior. Unlike local configuration, the peer
can never have multiple certificates anyway. (Even with a renego, the
SESS_CERT is created anew.)

This does lose the implicit certificate type check, but the certificate
type is already checked in ssl3_get_server_certificate and later checked
post-facto in ssl3_check_cert_and_algorithm (except that one seems to
have some bugs like it accepts ECDSA certificates for RSA cipher suites,
to be cleaned up in a follow-up). Either way, we have the certificate
mismatch tests for this.

BUG=486295

Change-Id: I437bb723bb310ad54ee4150eda67c1cfe43377b3
Reviewed-on: https://boringssl-review.googlesource.com/5044
Reviewed-by: Adam Langley <agl@google.com>
3 files changed
tree: daa27ec3ef9985512b241008b96cb00553b7251a
  1. crypto/
  2. decrepit/
  3. doc/
  4. include/
  5. ssl/
  6. tool/
  7. util/
  8. .clang-format
  9. .gitignore
  10. BUILDING
  11. CMakeLists.txt
  12. codereview.settings
  13. LICENSE
  14. STYLE