boringssl/ssl
David Benjamin 83a321231b Move SCT lists and OCSP responses to CERT.
Recent changes added SSL-level setters to these APIs. Unfortunately,
this has the side effect of breaking SSL_set_SSL_CTX, which is how SNI
is typically handled. SSL_set_SSL_CTX is kind of a weird function in
that it's very sensitive to which of the hodge-podge of config styles is
in use. I previously listed out all the config styles here, but it was
long and unhelpful. (I counted up to 7.)

Of the various SSL_set_SSL_CTX-visible config styles, the sanest seems
to be to move it to CERT. In this case, it's actually quite reasonable
since they're very certificate-related.

Later we may wish to think about whether we can cut down all 7 kinds of
config styles because this is kinda nuts. I'm wondering if we should do
CERT => SSL_CONFIG, move everything there, and make that be the same
structure that is dropped post-handshake (supposing the caller has
disavowed SSL_clear and renego). Fruit for later thought. (Note though
that comes with a behavior change for all the existing config.)

Change-Id: I9aa47d8bd37bf2847869e0b577739d4d579ee4ae
Reviewed-on: https://boringssl-review.googlesource.com/13864
Reviewed-by: Martin Kreichgauer <martinkr@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-02-15 00:42:38 +00:00
test Stop skipping stray HelloRequests. 2017-02-13 19:44:22 +00:00
bio_ssl.c Move the SSL BIO into ssl/ from decrepit/. 2017-02-03 21:08:10 +00:00
CMakeLists.txt Moving transcript and PRF functions to SSL_TRANSCRIPT. 2017-02-10 16:33:42 +00:00
custom_extensions.c Pass explicit hs parameters into custom_extensions.c. 2016-12-06 19:49:36 +00:00
d1_both.c Moving transcript and PRF functions to SSL_TRANSCRIPT. 2017-02-10 16:33:42 +00:00
d1_lib.c Add a helper function for resetting SSL_get_error state. 2017-01-04 04:48:44 +00:00
d1_pkt.c Fold ssl3_write_bytes into ssl3_write_app_data. 2017-02-02 22:23:46 +00:00
d1_srtp.c
dtls_method.c Add |X509_METHOD| and, using it, move many functions to ssl_x509.c. 2017-02-09 18:30:35 +00:00
dtls_record.c Don't use the buffer BIO in DTLS. 2017-01-25 23:35:32 +00:00
handshake_client.c Simplify state and info_callback management. 2017-02-13 19:52:27 +00:00
handshake_server.c Move SCT lists and OCSP responses to CERT. 2017-02-15 00:42:38 +00:00
internal.h Move SCT lists and OCSP responses to CERT. 2017-02-15 00:42:38 +00:00
s3_both.c Stop skipping stray HelloRequests. 2017-02-13 19:44:22 +00:00
s3_lib.c Moving transcript and PRF functions to SSL_TRANSCRIPT. 2017-02-10 16:33:42 +00:00
s3_pkt.c Establish that the default value of an out-arg for alerts is SSL_AD_DECODE_ERROR. 2017-02-09 18:07:30 +00:00
ssl_aead_ctx.c Allow dtls_seal_record to work in-place. 2017-01-25 16:27:32 +00:00
ssl_asn1.c Remove |X509| things from SSL_SESSION. 2017-02-10 19:12:04 +00:00
ssl_buffer.c Work around language and compiler bug in memcpy, etc. 2016-12-21 20:34:47 +00:00
ssl_cert.c Move SCT lists and OCSP responses to CERT. 2017-02-15 00:42:38 +00:00
ssl_cipher.c Moving transcript and PRF functions to SSL_TRANSCRIPT. 2017-02-10 16:33:42 +00:00
ssl_ecdh.c Remove New Hope key agreement. 2016-12-10 01:06:31 +00:00
ssl_file.c Remove |X509| things from SSL_SESSION. 2017-02-10 19:12:04 +00:00
ssl_lib.c Move SCT lists and OCSP responses to CERT. 2017-02-15 00:42:38 +00:00
ssl_privkey_cc.cc Rename ssl_rsa.c to ssl_privkey.c. 2017-02-09 18:45:11 +00:00
ssl_privkey.c Rename ssl_rsa.c to ssl_privkey.c. 2017-02-09 18:45:11 +00:00
ssl_session.c Unexport the handshake's internal state. 2017-02-13 19:44:30 +00:00
ssl_stat.c Unexport the handshake's internal state. 2017-02-13 19:44:30 +00:00
ssl_test.cc Move SCT lists and OCSP responses to CERT. 2017-02-15 00:42:38 +00:00
ssl_transcript.c Moving transcript and PRF functions to SSL_TRANSCRIPT. 2017-02-10 16:33:42 +00:00
ssl_x509.c Remove |X509| things from SSL_SESSION. 2017-02-10 19:12:04 +00:00
t1_enc.c Moving transcript and PRF functions to SSL_TRANSCRIPT. 2017-02-10 16:33:42 +00:00
t1_lib.c Move SCT lists and OCSP responses to CERT. 2017-02-15 00:42:38 +00:00
tls13_both.c Move SCT lists and OCSP responses to CERT. 2017-02-15 00:42:38 +00:00
tls13_client.c Remove |X509| things from SSL_SESSION. 2017-02-10 19:12:04 +00:00
tls13_enc.c Moving transcript and PRF functions to SSL_TRANSCRIPT. 2017-02-10 16:33:42 +00:00
tls13_server.c Remove |X509| things from SSL_SESSION. 2017-02-10 19:12:04 +00:00
tls_method.c Remove |X509| things from SSL_SESSION. 2017-02-10 19:12:04 +00:00
tls_record.c Don't use the buffer BIO in DTLS. 2017-01-25 23:35:32 +00:00