Remove redundant SSL_ST_BEFORE-related checks.
SSL_ST_BEFORE isn't a possible state anymore. It seems this state meant the side wasn't known, back in the early SSLeay days. Now upstream guesses (sometimes incorrectly with generic methods), and we don't initialize until later. SSL_shutdown also doesn't bother to call ssl3_shutdown at all if the side isn't initialized and SSL_ST_BEFORE isn't the uninitialized state, which seems a much more sensible arrangement. Likewise, because bare SSL_ST_BEFOREs no longer exist, SSL_in_init implies SSL_in_before and there is no need to check both. Change-Id: Ie680838b2f860b895073dabb4d759996e21c2824 Reviewed-on: https://boringssl-review.googlesource.com/2564 Reviewed-by: Adam Langley <agl@google.com>
This commit is contained in:
parent
138c2ac627
commit
7e23746dd4
@ -860,6 +860,8 @@ struct ssl_ctx_st
|
|||||||
int trust; /* Trust setting */
|
int trust; /* Trust setting */
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
/* quiet_shutdown is true if the connection should not send a
|
||||||
|
* close_notify on shutdown. */
|
||||||
int quiet_shutdown;
|
int quiet_shutdown;
|
||||||
|
|
||||||
/* Maximum amount of data to send in one fragment.
|
/* Maximum amount of data to send in one fragment.
|
||||||
@ -1205,7 +1207,11 @@ struct ssl_st
|
|||||||
* NB: For servers, the 'new' session may actually be a previously
|
* NB: For servers, the 'new' session may actually be a previously
|
||||||
* cached session or even the previous session unless
|
* cached session or even the previous session unless
|
||||||
* SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
|
* SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
|
||||||
int quiet_shutdown;/* don't send shutdown packets */
|
|
||||||
|
/* quiet_shutdown is true if the connection should not send a
|
||||||
|
* close_notify on shutdown. */
|
||||||
|
int quiet_shutdown;
|
||||||
|
|
||||||
int shutdown; /* we have shut things down, 0x01 sent, 0x02
|
int shutdown; /* we have shut things down, 0x01 sent, 0x02
|
||||||
* for received */
|
* for received */
|
||||||
int state; /* where we are */
|
int state; /* where we are */
|
||||||
|
@ -1915,12 +1915,11 @@ int ssl3_shutdown(SSL *s)
|
|||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
/* Don't do anything much if we have not done the handshake or
|
/* Do nothing if configured not to send a close_notify. */
|
||||||
* we don't want to send messages :-) */
|
if (s->quiet_shutdown)
|
||||||
if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE))
|
|
||||||
{
|
{
|
||||||
s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
|
s->shutdown = SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN;
|
||||||
return(1);
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!(s->shutdown & SSL_SENT_SHUTDOWN))
|
if (!(s->shutdown & SSL_SENT_SHUTDOWN))
|
||||||
|
@ -2375,7 +2375,7 @@ int SSL_do_handshake(SSL *s)
|
|||||||
|
|
||||||
s->method->ssl_renegotiate_check(s);
|
s->method->ssl_renegotiate_check(s);
|
||||||
|
|
||||||
if (SSL_in_init(s) || SSL_in_before(s))
|
if (SSL_in_init(s))
|
||||||
{
|
{
|
||||||
ret=s->handshake_func(s);
|
ret=s->handshake_func(s);
|
||||||
}
|
}
|
||||||
|
@ -794,9 +794,9 @@ void SSL_CTX_flush_sessions(SSL_CTX *s, long t)
|
|||||||
|
|
||||||
int ssl_clear_bad_session(SSL *s)
|
int ssl_clear_bad_session(SSL *s)
|
||||||
{
|
{
|
||||||
if ( (s->session != NULL) &&
|
if (s->session != NULL &&
|
||||||
!(s->shutdown & SSL_SENT_SHUTDOWN) &&
|
!(s->shutdown & SSL_SENT_SHUTDOWN) &&
|
||||||
!(SSL_in_init(s) || SSL_in_before(s)))
|
!SSL_in_init(s))
|
||||||
{
|
{
|
||||||
SSL_CTX_remove_session(s->ctx,s->session);
|
SSL_CTX_remove_session(s->ctx,s->session);
|
||||||
return(1);
|
return(1);
|
||||||
|
Loading…
Reference in New Issue
Block a user