d1e28ad53b
This isn't filled in on the client and Chromium no longer uses it for plain RSA. It's redundant with existing APIs. This is part of removing the need for callers to call SSL_get_session where possible. SSL_get_session is ambiguous when it comes to renego. Some code wants the current connection state which should not include the pending handshake and some code wants the handshake scratch space which should. Renego doesn't exist in TLS 1.3, but TLS 1.3 makes NewSessionTicket a post-handshake message, so SSL_get_session is somewhat silly of an API there too. SSL_SESSION_get_key_exchange_info is a BoringSSL-only API, so we can freely change it and replace it with APIs keyed on SSL. In doing so, I think it is better to provide APIs like "SSL_get_dhe_group_size" and "SSL_get_curve_id" rather than make the caller do the multi-step SSL_get_current_cipher / SSL_CIPHER_is_ECDHE dance. To that end, RSA key_exchange_info is pointless as it can already be determined from the peer certificate. Change-Id: Ie90523083d8649701c17934b7be0383502a0caa3 Reviewed-on: https://boringssl-review.googlesource.com/8564 Reviewed-by: Adam Langley <agl@google.com> |
||
---|---|---|
.. | ||
openssl |