boringssl

History

David Benjamin 3dd9016a51 Remove signature algorithm configuration hooks and SSL_ctrl. They're not called (new in 1.0.2). We actually may well need to configure these later to strike ECDSA from the list on Chrome/XP depending on what TLS 1.3 does, but for now striking it from the cipher suite list is both necessary and sufficient. I think we're better off removing these for now and adding new APIs later if we need them. (This API is weird. You pass in an array of NIDs that must be even length and alternating between hash and signature NID. We'd also need a way to query the configured set of sigalgs to filter away. Those used to exist but were removed in https://boringssl-review.googlesource.com/#/c/5347/. SSL_get_sigalgs is an even uglier API and doesn't act on the SSL_CTX.) And with that, SSL_ctrl and SSL_CTX_ctrl can finally be dropped. Don't leave no-op wrappers; anything calling SSL_ctrl and SSL_CTX_ctrl should instead switch to the wrapper macros. BUG=404754 Change-Id: I5d465cd27eef30d108eeb6de075330c9ef5c05e8 Reviewed-on: https://boringssl-review.googlesource.com/5675 Reviewed-by: Adam Langley <agl@google.com>	2015-08-18 22:13:20 +00:00
..
openssl	Remove signature algorithm configuration hooks and SSL_ctrl.	2015-08-18 22:13:20 +00:00

David Benjamin 3dd9016a51 Remove signature algorithm configuration hooks and SSL_ctrl.

They're not called (new in 1.0.2). We actually may well need to
configure these later to strike ECDSA from the list on Chrome/XP
depending on what TLS 1.3 does, but for now striking it from the cipher
suite list is both necessary and sufficient. I think we're better off
removing these for now and adding new APIs later if we need them.

(This API is weird. You pass in an array of NIDs that must be even
length and alternating between hash and signature NID. We'd also need a
way to query the configured set of sigalgs to filter away. Those used to
exist but were removed in
https://boringssl-review.googlesource.com/#/c/5347/. SSL_get_sigalgs is
an even uglier API and doesn't act on the SSL_CTX.)

And with that, SSL_ctrl and SSL_CTX_ctrl can *finally* be dropped. Don't
leave no-op wrappers; anything calling SSL_ctrl and SSL_CTX_ctrl should
instead switch to the wrapper macros.

BUG=404754

Change-Id: I5d465cd27eef30d108eeb6de075330c9ef5c05e8
Reviewed-on: https://boringssl-review.googlesource.com/5675
Reviewed-by: Adam Langley <agl@google.com>

2015-08-18 22:13:20 +00:00

openssl

Remove signature algorithm configuration hooks and SSL_ctrl.

2015-08-18 22:13:20 +00:00