Add an accessor for session->certs.

Chromium has some code which reaches into this field for memory accounting. This fixes a bug in doc.go where this line-wrapping confuses it. doc.go needs a bit of a rewrite, but this is a bit better. Change-Id: Ic9cc2c2fe9329d7bc366ccf91e0c9a92eae08ed2 Reviewed-on: https://boringssl-review.googlesource.com/27764 Commit-Queue: Steven Valdez <svaldez@google.com> Reviewed-by: Steven Valdez <svaldez@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2018-04-25 17:34:24 -04:00 · 2018-04-25 17:34:24 -04:00 · 855dabc9df
commit 855dabc9df
parent bf4bcdf16e
3 changed files with 19 additions and 2 deletions
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@ -1694,6 +1694,13 @@ OPENSSL_EXPORT uint32_t SSL_SESSION_get_timeout(const SSL_SESSION *session);
 // TODO(davidben): This should return a const X509 *.
 OPENSSL_EXPORT X509 *SSL_SESSION_get0_peer(const SSL_SESSION *session);

+// SSL_SESSION_get0_peer_certificates returns the peer certificate chain stored
+// in |session|, or NULL if the peer did not use certificates. This is the
+// unverified list of certificates as sent by the peer, not the final chain
+// built during verification. The caller does not take ownership of the result.
+OPENSSL_EXPORT const STACK_OF(CRYPTO_BUFFER) *
+    SSL_SESSION_get0_peer_certificates(const SSL_SESSION *session);
+
 // SSL_SESSION_get_master_key writes up to |max_out| bytes of |session|'s master
 // secret to |out| and returns the number of bytes written. If |max_out| is
 // zero, it returns the size of the master secret.
--- a/ssl/ssl_session.cc
+++ b/ssl/ssl_session.cc
@ -913,6 +913,11 @@ X509 *SSL_SESSION_get0_peer(const SSL_SESSION *session) {
  return session->x509_peer;
 }

+const STACK_OF(CRYPTO_BUFFER) *
+    SSL_SESSION_get0_peer_certificates(const SSL_SESSION *session) {
+  return session->certs;
+}
+
 size_t SSL_SESSION_get_master_key(const SSL_SESSION *session, uint8_t *out,
                                  size_t max_out) {
  // TODO(davidben): Fix master_key_length's type and remove these casts.
--- a/util/doc.go
+++ b/util/doc.go
@ -17,6 +17,7 @@ import (
 	"io/ioutil"
 	"os"
 	"path/filepath"
+	"regexp"
 	"strings"
 )

@ -216,6 +217,9 @@ func skipLine(s string) string {
 	return ""
 }

+var stackOfRegexp = regexp.MustCompile(`STACK_OF\(([^)]*)\)`)
+var lhashOfRegexp = regexp.MustCompile(`LHASH_OF\(([^)]*)\)`)
+
 func getNameFromDecl(decl string) (string, bool) {
 	for strings.HasPrefix(decl, "#if") || strings.HasPrefix(decl, "#elif") {
 		decl = skipLine(decl)
@ -249,8 +253,9 @@ func getNameFromDecl(decl string) (string, bool) {
 		return decl[:i], true
 	}
 	decl = strings.TrimPrefix(decl, "OPENSSL_EXPORT ")
-	decl = strings.TrimPrefix(decl, "STACK_OF(")
-	decl = strings.TrimPrefix(decl, "LHASH_OF(")
+	decl = strings.TrimPrefix(decl, "const ")
+	decl = stackOfRegexp.ReplaceAllString(decl, "STACK_OF_$1")
+	decl = lhashOfRegexp.ReplaceAllString(decl, "LHASH_OF_$1")
 	i := strings.Index(decl, "(")
 	if i < 0 {
 		return "", false