958346a5e7
It's not completely clear to me why select_cetificate_cb behaves the way it does, however not only is it confusing, but it makes assumptions about the application using BoringSSL (it's not always possible to implement custom logic outside of the callbacks provided by libssl), that make this callback somewhat useless. Case in point, the callback can be used for changing min/max protocol versions based on per-site policies, and select_certificate_cb is the only place where SSL_set_min/max_proto_version() can be used (e.g. you can't call them in cert_cb because it's too late), but the decision on the specific versions to use might depend on configuration that needs retrieving asynchronously from over the network, which requires re-running the callback multiple times. Change-Id: Ia8e151b163628545373e7fd1f327e9af207478a6 Reviewed-on: https://boringssl-review.googlesource.com/13000 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> |
||
|---|---|---|
| .. | ||
| openssl | ||