boringssl

History

David Benjamin 5b220ee70d Add APIs to query authentication properties of SSL_SESSIONs. This is so Chromium can verify the session before offering it, rather than doing it after the handshake (at which point it's too late to punt the session) as we do today. This should, in turn, allow us to finally verify certificates off a callback and order it correctly relative to CertificateRequest in TLS 1.3. (It will also order "correctly" in TLS 1.2, but this is useless. TLS 1.2 does not bind the CertificateRequest to the certificate at the point the client needs to act on it.) Bug: chromium:347402 Change-Id: I0daac2868c97b820aead6c3a7e4dc30d8ba44dc4 Reviewed-on: https://boringssl-review.googlesource.com/28405 Commit-Queue: Steven Valdez <svaldez@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Reviewed-by: Steven Valdez <svaldez@google.com>	2018-05-14 19:10:48 +00:00
..
openssl	Add APIs to query authentication properties of SSL_SESSIONs.	2018-05-14 19:10:48 +00:00

David Benjamin 5b220ee70d Add APIs to query authentication properties of SSL_SESSIONs.

This is so Chromium can verify the session before offering it, rather
than doing it after the handshake (at which point it's too late to punt
the session) as we do today. This should, in turn, allow us to finally
verify certificates off a callback and order it correctly relative to
CertificateRequest in TLS 1.3.

(It will also order "correctly" in TLS 1.2, but this is useless. TLS 1.2
does not bind the CertificateRequest to the certificate at the point the
client needs to act on it.)

Bug: chromium:347402
Change-Id: I0daac2868c97b820aead6c3a7e4dc30d8ba44dc4
Reviewed-on: https://boringssl-review.googlesource.com/28405
Commit-Queue: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: Steven Valdez <svaldez@google.com>

2018-05-14 19:10:48 +00:00

openssl

Add APIs to query authentication properties of SSL_SESSIONs.

2018-05-14 19:10:48 +00:00