Add |TLS_with_buffers_method|.
This allows a caller to get an |SSL_METHOD| that is free of crypto/x509.
Change-Id: I088e78310fd3ff5db453844784e7890659a633bf
Reviewed-on: https://boringssl-review.googlesource.com/14009
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index ef22e8f..a018f84 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -187,6 +187,10 @@
/* DTLS_method is the |SSL_METHOD| used for DTLS connections. */
OPENSSL_EXPORT const SSL_METHOD *DTLS_method(void);
+/* TLS_with_buffers_method is like |TLS_method|, but avoids all use of
+ * crypto/x509. */
+OPENSSL_EXPORT const SSL_METHOD *TLS_with_buffers_method(void);
+
/* SSL_CTX_new returns a newly-allocated |SSL_CTX| with default settings or NULL
* on error. */
OPENSSL_EXPORT SSL_CTX *SSL_CTX_new(const SSL_METHOD *method);
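Review bot: The new header comment on `TLS_with_buffers_method` says only that crypto/x509 is avoided, and does not tell callers what that means for peer authentication. The backing `ssl_noop_x509_method` in ssl/tls_method.c is assembled from do-nothing hooks, so presumably no X509-based chain verification happens on contexts created from this method. Whether another verification path exists is not visible in this diff. I would extend the comment with a sentence such as `Certificates are only exposed as raw buffers; the caller is responsible for validating the peer's certificate chain.`, once the wording is confirmed against the handshake code. Without that caveat, someone may swap this in for `TLS_method` to shrink a binary and assume verification is unchanged.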
diff --git a/ssl/internal.h b/ssl/internal.h
index 6f2c4d3..144b680 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -1495,10 +1495,6 @@
void (*ssl_ctx_flush_cached_client_CA)(SSL_CTX *ssl);
};
-/* ssl_noop_x509_method is implements the |ssl_x509_method_st| functions by
- * doing nothing. */
-extern const struct ssl_x509_method_st ssl_noop_x509_method;
-
/* ssl_crypto_x509_method provides the |ssl_x509_method_st| functions using
* crypto/x509. */
extern const struct ssl_x509_method_st ssl_crypto_x509_method;
diff --git a/ssl/tls_method.c b/ssl/tls_method.c
index 7f57552..7778310 100644
--- a/ssl/tls_method.c
+++ b/ssl/tls_method.c
@@ -290,7 +290,7 @@
static void ssl_noop_x509_ssl_ctx_free(SSL_CTX *ctx) { }
static void ssl_noop_x509_ssl_ctx_flush_cached_client_CA(SSL_CTX *ctx) {}
-const SSL_X509_METHOD ssl_noop_x509_method = {
+static const SSL_X509_METHOD ssl_noop_x509_method = {
ssl_noop_x509_check_client_CA_names,
ssl_noop_x509_clear,
ssl_noop_x509_free,
@@ -310,3 +310,12 @@
ssl_noop_x509_ssl_ctx_free,
ssl_noop_x509_ssl_ctx_flush_cached_client_CA,
};
+
+const SSL_METHOD *TLS_with_buffers_method(void) {
+ static const SSL_METHOD kMethod = {
+ 0,
+ &kTLSProtocolMethod,
+ &ssl_noop_x509_method,
+ };
+ return &kMethod;
+}
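Review bot: The positional initializer of `kMethod` opens with a bare `0` whose meaning cannot be read from this hunk, and nothing at the definition site says the third member is deliberately the no-op X509 table. A field-name comment on each entry would help, in the style `&ssl_noop_x509_method, /* x509_method: no crypto/x509 */`, with the first entry labelled after the `SSL_METHOD` field it fills (the struct definition is outside this diff). A reader comparing this with the other method constructors in the file would then see at a glance which member differs. None of the three files shown adds a test for the new entry point, so if the commit has no test elsewhere, a small one creating an `SSL_CTX` from this method is worth adding.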