I'm not sure why the SSL versions of these functions return int while the SSL_CTX version returns void. It looks like this dates to https://boringssl-review.googlesource.com/c/1491/, of which the initial upload was an SSL_ctrl macro. I guess one of the ints got accidentally preserved in conversion. (No existing caller, aside from bssl_shim, checks the result.) Change-Id: Id54309c1aa03462d520b9a45cdfdefdd2cdd1298 Reviewed-on: https://boringssl-review.googlesource.com/13866 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>kris/onging/CECPQ3_patch15
@@ -2241,11 +2241,11 @@ OPENSSL_EXPORT void SSL_CTX_set_cert_verify_callback( | |||||
/* SSL_enable_signed_cert_timestamps causes |ssl| (which must be the client end | /* SSL_enable_signed_cert_timestamps causes |ssl| (which must be the client end | ||||
* of a connection) to request SCTs from the server. See | * of a connection) to request SCTs from the server. See | ||||
* https://tools.ietf.org/html/rfc6962. It returns one. | |||||
* https://tools.ietf.org/html/rfc6962. | |||||
* | * | ||||
* Call |SSL_get0_signed_cert_timestamp_list| to recover the SCT after the | * Call |SSL_get0_signed_cert_timestamp_list| to recover the SCT after the | ||||
* handshake. */ | * handshake. */ | ||||
OPENSSL_EXPORT int SSL_enable_signed_cert_timestamps(SSL *ssl); | |||||
OPENSSL_EXPORT void SSL_enable_signed_cert_timestamps(SSL *ssl); | |||||
/* SSL_CTX_enable_signed_cert_timestamps enables SCT requests on all client SSL | /* SSL_CTX_enable_signed_cert_timestamps enables SCT requests on all client SSL | ||||
* objects created from |ctx|. | * objects created from |ctx|. | ||||
@@ -2255,12 +2255,11 @@ OPENSSL_EXPORT int SSL_enable_signed_cert_timestamps(SSL *ssl); | |||||
OPENSSL_EXPORT void SSL_CTX_enable_signed_cert_timestamps(SSL_CTX *ctx); | OPENSSL_EXPORT void SSL_CTX_enable_signed_cert_timestamps(SSL_CTX *ctx); | ||||
/* SSL_enable_ocsp_stapling causes |ssl| (which must be the client end of a | /* SSL_enable_ocsp_stapling causes |ssl| (which must be the client end of a | ||||
* connection) to request a stapled OCSP response from the server. It returns | |||||
* one. | |||||
* connection) to request a stapled OCSP response from the server. | |||||
* | * | ||||
* Call |SSL_get0_ocsp_response| to recover the OCSP response after the | * Call |SSL_get0_ocsp_response| to recover the OCSP response after the | ||||
* handshake. */ | * handshake. */ | ||||
OPENSSL_EXPORT int SSL_enable_ocsp_stapling(SSL *ssl); | |||||
OPENSSL_EXPORT void SSL_enable_ocsp_stapling(SSL *ssl); | |||||
/* SSL_CTX_enable_ocsp_stapling enables OCSP stapling on all client SSL objects | /* SSL_CTX_enable_ocsp_stapling enables OCSP stapling on all client SSL objects | ||||
* created from |ctx|. | * created from |ctx|. | ||||
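Review bot: The comments on `SSL_enable_signed_cert_timestamps` and `SSL_enable_ocsp_stapling` say only that the client will request an SCT list or a stapled OCSP response; they do not say what the caller gets when the server sends nothing, or whether received data has been validated. Nothing in these hunks shows the library checking that data, so a caller could read "enable" as "enforce". I would add a sentence to each comment, such as `The server may omit the response, and it is returned unverified; callers that rely on it must check for an empty result and validate it themselves.`, adjusted if validation does happen elsewhere. The same gap applies to the `SSL_CTX_` variants, whose comments continue past the end of the hunks.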
@@ -1567,18 +1567,16 @@ void SSL_CTX_enable_signed_cert_timestamps(SSL_CTX *ctx) { | |||||
ctx->signed_cert_timestamps_enabled = 1; | ctx->signed_cert_timestamps_enabled = 1; | ||||
} | } | ||||
int SSL_enable_signed_cert_timestamps(SSL *ssl) { | |||||
void SSL_enable_signed_cert_timestamps(SSL *ssl) { | |||||
ssl->signed_cert_timestamps_enabled = 1; | ssl->signed_cert_timestamps_enabled = 1; | ||||
return 1; | |||||
} | } | ||||
void SSL_CTX_enable_ocsp_stapling(SSL_CTX *ctx) { | void SSL_CTX_enable_ocsp_stapling(SSL_CTX *ctx) { | ||||
ctx->ocsp_stapling_enabled = 1; | ctx->ocsp_stapling_enabled = 1; | ||||
} | } | ||||
int SSL_enable_ocsp_stapling(SSL *ssl) { | |||||
void SSL_enable_ocsp_stapling(SSL *ssl) { | |||||
ssl->ocsp_stapling_enabled = 1; | ssl->ocsp_stapling_enabled = 1; | ||||
return 1; | |||||
} | } | ||||
void SSL_get0_signed_cert_timestamp_list(const SSL *ssl, const uint8_t **out, | void SSL_get0_signed_cert_timestamp_list(const SSL *ssl, const uint8_t **out, | ||||
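Review bot: With `return 1;` removed, `SSL_enable_signed_cert_timestamps` and `SSL_enable_ocsp_stapling` can no longer report the misuse their header comments warn about (`|ssl|` "must be the client end of a connection"), and neither body checks the role before setting the flag. If the flag is simply ignored on a server connection, which these lines do not show, a short comment above each setter would record that, e.g. `/* No role check: the flag is only read when |ssl| is a client. */`. Both symbols are exported, so code built against the old `int` prototype that tests the result would read an undefined value until it is recompiled; that deserves a line in the API-change notes.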
@@ -1584,13 +1584,11 @@ static bool DoExchange(bssl::UniquePtr<SSL_SESSION> *out_session, | |||||
!SSL_set_srtp_profiles(ssl.get(), config->srtp_profiles.c_str())) { | !SSL_set_srtp_profiles(ssl.get(), config->srtp_profiles.c_str())) { | ||||
return false; | return false; | ||||
} | } | ||||
if (config->enable_ocsp_stapling && | |||||
!SSL_enable_ocsp_stapling(ssl.get())) { | |||||
return false; | |||||
if (config->enable_ocsp_stapling) { | |||||
SSL_enable_ocsp_stapling(ssl.get()); | |||||
} | } | ||||
if (config->enable_signed_cert_timestamps && | |||||
!SSL_enable_signed_cert_timestamps(ssl.get())) { | |||||
return false; | |||||
if (config->enable_signed_cert_timestamps) { | |||||
SSL_enable_signed_cert_timestamps(ssl.get()); | |||||
} | } | ||||
if (config->min_version != 0 && | if (config->min_version != 0 && | ||||
!SSL_set_min_proto_version(ssl.get(), (uint16_t)config->min_version)) { | !SSL_set_min_proto_version(ssl.get(), (uint16_t)config->min_version)) { | ||||