diff options
author | Adam Langley <alangley@gmail.com> | 2016-01-25 02:58:39 +0300 |
---|---|---|
committer | Adam Langley <agl@google.com> | 2016-01-27 02:23:42 +0300 |
commit | ce9d85eedd4888848148e3b855e85efb1009224c (patch) | |
tree | f090ce4abac17c5cce8eedf7f9f5c2e344b8e3d7 /ssl | |
parent | eac0ce09d85f71c91561451887bdf68fce9f611e (diff) |
Tweaks for node.js
node.js is, effectively, another bindings library. However, it's better
written than most and, with these changes, only a couple of tiny fixes
are needed in node.js. Some of these changes are a little depressing
however so we'll need to push node.js to use APIs where possible.
Changes:
∙ Support verify_recover. This is very obscure and the motivation
appears to be https://github.com/nodejs/node/issues/477 – where it's
not clear that anyone understands what it means :(
∙ Add a few, no-op #defines
∙ Add some members to |SSL_CTX| and |SSL| – node.js needs to not
reach into these structs in the future.
∙ Add EC_get_builtin_curves.
∙ Add EVP_[CIPHER|MD]_do_all_sorted – these functions are limited to
decrepit.
Change-Id: I9a3566054260d6c4db9d430beb7c46cc970a9d46
Reviewed-on: https://boringssl-review.googlesource.com/6952
Reviewed-by: Adam Langley <agl@google.com>
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/ssl_lib.c | 8 | ||||
-rw-r--r-- | ssl/t1_lib.c | 2 |
2 files changed, 8 insertions, 2 deletions
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 5946fc2b..fe3c1738 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1180,7 +1180,7 @@ void SSL_set_max_cert_list(SSL *ssl, size_t max_cert_list) { ssl->max_cert_list = (uint32_t)max_cert_list; } -void SSL_CTX_set_max_send_fragment(SSL_CTX *ctx, size_t max_send_fragment) { +int SSL_CTX_set_max_send_fragment(SSL_CTX *ctx, size_t max_send_fragment) { if (max_send_fragment < 512) { max_send_fragment = 512; } @@ -1188,9 +1188,11 @@ void SSL_CTX_set_max_send_fragment(SSL_CTX *ctx, size_t max_send_fragment) { max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH; } ctx->max_send_fragment = (uint16_t)max_send_fragment; + + return 1; } -void SSL_set_max_send_fragment(SSL *ssl, size_t max_send_fragment) { +int SSL_set_max_send_fragment(SSL *ssl, size_t max_send_fragment) { if (max_send_fragment < 512) { max_send_fragment = 512; } @@ -1198,6 +1200,8 @@ void SSL_set_max_send_fragment(SSL *ssl, size_t max_send_fragment) { max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH; } ssl->max_send_fragment = (uint16_t)max_send_fragment; + + return 1; } int SSL_set_mtu(SSL *ssl, unsigned mtu) { diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 68c380a9..346746af 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -1144,6 +1144,7 @@ static int ext_sigalgs_add_serverhello(SSL *ssl, CBB *out) { static void ext_ocsp_init(SSL *ssl) { ssl->s3->tmp.certificate_status_expected = 0; + ssl->tlsext_status_type = -1; } static int ext_ocsp_add_clienthello(SSL *ssl, CBB *out) { @@ -1161,6 +1162,7 @@ static int ext_ocsp_add_clienthello(SSL *ssl, CBB *out) { return 0; } + ssl->tlsext_status_type = TLSEXT_STATUSTYPE_ocsp; return 1; } |