kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
b398d16c1d
boringssl/include/openssl
History
David Benjamin b398d16c1d Remove SSL_check_chain and unexport CERT_PKEY flags. 
Both of these are newly-exported in OpenSSL 1.0.2, so they cannot be used by
current consumers.

This was added in upstream's 18d7158809c9722f4c6d2a8af7513577274f9b56 to
support custom selection of certificates. The intent seems to be that you
listen to cert_cb and use SSL_check_chain to lean on OpenSSL to process
signature algorithms list for you.

Unfortunately, the implementation is slightly suspect: it uses the same
function as the codepath which mutates and refers to the CERT_PKEY of the
matching type.  Some access was guarded by check_flags, but this is too
complex. Part of it is also because the matching digest is selected early and
we intend to connect this to EVP_PKEY_supports_digest so it is no longer a
property of just the key type.

Let's remove the hook for now, to unblock removing a lot of complexity. After
cleaning up this area, a function like this could be cleaner to support, but
we already have a version of this: select_certificate_cb and
ssl_early_callback_ctx.

Change-Id: I3add425b3996e5e32d4a88e14cc607b4fdaa5aec
Reviewed-on: https://boringssl-review.googlesource.com/2283
Reviewed-by: Adam Langley <agl@google.com>
2014-11-18 22:19:24 +00:00
..
aead.h Convert all zero-argument functions to '(void)' 2014-08-21 01:06:07 +00:00
aes.h Add visibility rules. 2014-07-31 22:03:11 +00:00
asn1_mac.h Add visibility rules. 2014-07-31 22:03:11 +00:00
asn1.h Don't mix and match libraries and errors. 2014-10-13 22:56:28 +00:00
asn1t.h Fix Windows shared library build. 2014-10-01 02:01:53 +00:00
base64.h Introduce EVP_DecodeBase64. 2014-08-25 23:00:28 +00:00
base.h Move the X509_NAME typedef into x509.h. 2014-10-28 22:38:38 +00:00
bio.h Add zero copy read and write api for bio pairs. 2014-11-18 14:06:46 -08:00
bn.h Fix BN_sub documentation. 2014-08-27 17:41:08 +00:00
buf.h Add visibility rules. 2014-07-31 22:03:11 +00:00
bytestring.h Extended master secret support. 2014-10-24 21:19:44 +00:00
chacha.h Move public headers to include/openssl/ 2014-07-14 22:42:18 +00:00
cipher.h Add deprecated functions for tcpdump. 2014-09-26 22:10:45 +00:00
conf.h Convert all zero-argument functions to '(void)' 2014-08-21 01:06:07 +00:00
cpu.h Convert all zero-argument functions to '(void)' 2014-08-21 01:06:07 +00:00
crypto.h Add a CRYPTO_library_init and static-initializer-less build option. 2014-09-12 00:10:53 +00:00
des.h Add visibility rules. 2014-07-31 22:03:11 +00:00
dh.h Windows build fixes. 2014-08-11 22:10:02 +00:00
digest.h Add digest_test with tests for all existing EVP_MDs. 2014-11-06 01:49:03 +00:00
dsa.h Add misc functions for easier porting. 2014-09-18 22:38:11 +00:00
dtls1.h Keep retransmit window size architecture-independent. 2014-11-10 22:44:56 +00:00
ec_key.h Add visibility rules. 2014-07-31 22:03:11 +00:00
ec.h Compare r and s sizes to the order, not the degree. 2014-11-10 23:02:41 +00:00
ecdh.h Add visibility rules. 2014-07-31 22:03:11 +00:00
ecdsa.h Add visibility rules. 2014-07-31 22:03:11 +00:00
engine.h Add generic OPERATION_NOT_SUPPORTED error code. 2014-10-09 23:55:39 +00:00
err.h Remove ERR_LIB_PKCS12. 2014-10-31 18:25:06 +00:00
evp.h Add EVP_PKEY_supports_digest. 2014-11-18 22:18:36 +00:00
ex_data.h Add visibility rules. 2014-07-31 22:03:11 +00:00
hmac.h Add visibility rules. 2014-07-31 22:03:11 +00:00
lhash_macros.h Move public headers to include/openssl/ 2014-07-14 22:42:18 +00:00
lhash.h Add visibility rules. 2014-07-31 22:03:11 +00:00
md4.h Add digest_test with tests for all existing EVP_MDs. 2014-11-06 01:49:03 +00:00
md5.h Readd MD4. 2014-08-26 21:51:48 +00:00
mem.h Add visibility rules. 2014-07-31 22:03:11 +00:00
modes.h Add visibility rules. 2014-07-31 22:03:11 +00:00
obj_mac.h Move public headers to include/openssl/ 2014-07-14 22:42:18 +00:00
obj.h Clarify a comment. 2014-08-14 09:42:46 -07:00
objects.h Move public headers to include/openssl/ 2014-07-14 22:42:18 +00:00
opensslfeatures.h Readd MD4. 2014-08-26 21:51:48 +00:00
opensslv.h Move public headers to include/openssl/ 2014-07-14 22:42:18 +00:00
ossl_typ.h Move public headers to include/openssl/ 2014-07-14 22:42:18 +00:00
pem.h unifdef a bunch of OPENSSL_NO_* ifdefs. 2014-08-28 00:41:34 +00:00
pkcs7.h Move public headers to include/openssl/ 2014-07-14 22:42:18 +00:00
pkcs8.h Provide compatibility functions for PKCS#12 parsing. 2014-09-20 00:10:03 +00:00
pkcs12.h Move public headers to include/openssl/ 2014-07-14 22:42:18 +00:00
poly1305.h Move public headers to include/openssl/ 2014-07-14 22:42:18 +00:00
pqueue.h Export pqueue functions. 2014-09-03 21:38:19 +00:00
rand.h Convert all zero-argument functions to '(void)' 2014-08-21 01:06:07 +00:00
rc4.h Add visibility rules. 2014-07-31 22:03:11 +00:00
rsa.h Add EVP_PKEY_supports_digest. 2014-11-18 22:18:36 +00:00
safe_stack.h Move public headers to include/openssl/ 2014-07-14 22:42:18 +00:00
sha.h Fix SHA*_Final documentation. 2014-10-06 23:51:50 +00:00
srtp.h Add less dangerous versions of SRTP functions. 2014-10-27 21:58:09 +00:00
ssl2.h Move public headers to include/openssl/ 2014-07-14 22:42:18 +00:00
ssl3.h Remove support for processing fragmented alerts 2014-11-13 22:58:30 +00:00
ssl23.h Clean up s23_srvr.c. 2014-08-12 21:10:56 +00:00
ssl.h Remove SSL_check_chain and unexport CERT_PKEY flags. 2014-11-18 22:19:24 +00:00
stack_macros.h Mark all SSL_CIPHERs as const. 2014-08-18 17:55:05 +00:00
stack.h Mark all SSL_CIPHERs as const. 2014-08-18 17:55:05 +00:00
thread.h Also export some deprecated functions. 2014-08-01 10:33:29 -07:00
time_support.h Move public headers to include/openssl/ 2014-07-14 22:42:18 +00:00
tls1.h Remove SSL_check_chain and unexport CERT_PKEY flags. 2014-11-18 22:19:24 +00:00
type_check.h Move public headers to include/openssl/ 2014-07-14 22:42:18 +00:00
x509_vfy.h Add visibility rules. 2014-07-31 22:03:11 +00:00
x509.h Remove i2d_X509_PKEY and d2i_X509_PKEY. 2014-11-10 22:28:23 +00:00
x509v3.h Fix Windows shared library build. 2014-10-01 02:01:53 +00:00