Google Git
Sign in
pigweed / third_party / boringssl / boringssl / 39425b0f3697e15c9b33f306678b0a10f29ef80c^! / .
commit39425b0f3697e15c9b33f306678b0a10f29ef80c[log] [tgz]
authorAdam Langley <agl@google.com>Tue Feb 28 11:26:18 2017 -0800
committerAdam Langley <agl@google.com>Wed Mar 01 00:24:40 2017 +0000
tree350dabbdf377e0dee23485fdc7d77041ff87e4cc
parentd5c565a98d4d036db91d34810e39fb116bf38c56 [diff]
Add |TLS_with_buffers_method|.

This allows a caller to get an |SSL_METHOD| that is free of crypto/x509.

Change-Id: I088e78310fd3ff5db453844784e7890659a633bf
Reviewed-on: https://boringssl-review.googlesource.com/14009
Reviewed-by: Adam Langley <agl@google.com>

diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index ef22e8f..a018f84 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h

@@ -187,6 +187,10 @@
 /* DTLS_method is the |SSL_METHOD| used for DTLS connections. */
 OPENSSL_EXPORT const SSL_METHOD *DTLS_method(void);
 
+/* TLS_with_buffers_method is like |TLS_method|, but avoids all use of
+ * crypto/x509. */
+OPENSSL_EXPORT const SSL_METHOD *TLS_with_buffers_method(void);
+
 /* SSL_CTX_new returns a newly-allocated |SSL_CTX| with default settings or NULL
  * on error. */
 OPENSSL_EXPORT SSL_CTX *SSL_CTX_new(const SSL_METHOD *method);

diff --git a/ssl/internal.h b/ssl/internal.h
index 6f2c4d3..144b680 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h

@@ -1495,10 +1495,6 @@
   void (*ssl_ctx_flush_cached_client_CA)(SSL_CTX *ssl);
 };
 
-/* ssl_noop_x509_method is implements the |ssl_x509_method_st| functions by
- * doing nothing. */
-extern const struct ssl_x509_method_st ssl_noop_x509_method;
-
 /* ssl_crypto_x509_method provides the |ssl_x509_method_st| functions using
  * crypto/x509. */
 extern const struct ssl_x509_method_st ssl_crypto_x509_method;

diff --git a/ssl/tls_method.c b/ssl/tls_method.c
index 7f57552..7778310 100644
--- a/ssl/tls_method.c
+++ b/ssl/tls_method.c

@@ -290,7 +290,7 @@
 static void ssl_noop_x509_ssl_ctx_free(SSL_CTX *ctx) { }
 static void ssl_noop_x509_ssl_ctx_flush_cached_client_CA(SSL_CTX *ctx) {}
 
-const SSL_X509_METHOD ssl_noop_x509_method = {
+static const SSL_X509_METHOD ssl_noop_x509_method = {
   ssl_noop_x509_check_client_CA_names,
   ssl_noop_x509_clear,
   ssl_noop_x509_free,
@@ -310,3 +310,12 @@
   ssl_noop_x509_ssl_ctx_free,
   ssl_noop_x509_ssl_ctx_flush_cached_client_CA,
 };
+
+const SSL_METHOD *TLS_with_buffers_method(void) {
+  static const SSL_METHOD kMethod = {
+      0,
+      &kTLSProtocolMethod,
+      &ssl_noop_x509_method,
+  };
+  return &kMethod;
+}