Update *_set_cert_cb documentation regarding resumption

Since 34202b93b6 cert_cb is always called
before resumption is checked.

Change-Id: I27ca5653144027a1f545a90ecb6b68e64783a66a
Reviewed-on: https://boringssl-review.googlesource.com/c/35004
Reviewed-by: David Benjamin <davidben@google.com>
This commit is contained in:
Alessandro Ghedini 2019-02-24 13:05:31 +00:00 committed by Adam Langley
parent 1e0262ad87
commit a6124742d0

View File

@ -881,8 +881,9 @@ OPENSSL_EXPORT int SSL_clear_chain_certs(SSL *ssl);
// |SSL_get_client_CA_list| for information on the server's certificate // |SSL_get_client_CA_list| for information on the server's certificate
// request. // request.
// //
// On the server, the callback will be called on non-resumption handshakes, // On the server, the callback will be called after extensions have been
// after extensions have been processed. // processed, but before the resumption decision has been made. This differs
// from OpenSSL which handles resumption before selecting the certificate.
OPENSSL_EXPORT void SSL_CTX_set_cert_cb(SSL_CTX *ctx, OPENSSL_EXPORT void SSL_CTX_set_cert_cb(SSL_CTX *ctx,
int (*cb)(SSL *ssl, void *arg), int (*cb)(SSL *ssl, void *arg),
void *arg); void *arg);
@ -895,6 +896,10 @@ OPENSSL_EXPORT void SSL_CTX_set_cert_cb(SSL_CTX *ctx,
// On the client, the callback may call |SSL_get0_certificate_types| and // On the client, the callback may call |SSL_get0_certificate_types| and
// |SSL_get_client_CA_list| for information on the server's certificate // |SSL_get_client_CA_list| for information on the server's certificate
// request. // request.
//
// On the server, the callback will be called after extensions have been
// processed, but before the resumption decision has been made. This differs
// from OpenSSL which handles resumption before selecting the certificate.
OPENSSL_EXPORT void SSL_set_cert_cb(SSL *ssl, int (*cb)(SSL *ssl, void *arg), OPENSSL_EXPORT void SSL_set_cert_cb(SSL *ssl, int (*cb)(SSL *ssl, void *arg),
void *arg); void *arg);