Add an accessor for session->certs.
Chromium has some code which reaches into this field for memory
accounting.
This fixes a bug in doc.go where this line-wrapping confuses it. doc.go
needs a bit of a rewrite, but this is a bit better.
Change-Id: Ic9cc2c2fe9329d7bc366ccf91e0c9a92eae08ed2
Reviewed-on: https://boringssl-review.googlesource.com/27764
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 51162ea..77bd4de 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -1694,6 +1694,13 @@
// TODO(davidben): This should return a const X509 *.
OPENSSL_EXPORT X509 *SSL_SESSION_get0_peer(const SSL_SESSION *session);
+// SSL_SESSION_get0_peer_certificates returns the peer certificate chain stored
+// in |session|, or NULL if the peer did not use certificates. This is the
+// unverified list of certificates as sent by the peer, not the final chain
+// built during verification. The caller does not take ownership of the result.
+OPENSSL_EXPORT const STACK_OF(CRYPTO_BUFFER) *
+ SSL_SESSION_get0_peer_certificates(const SSL_SESSION *session);
+
// SSL_SESSION_get_master_key writes up to |max_out| bytes of |session|'s master
// secret to |out| and returns the number of bytes written. If |max_out| is
// zero, it returns the size of the master secret.
diff --git a/ssl/ssl_session.cc b/ssl/ssl_session.cc
index a18ddd1..272fc55 100644
--- a/ssl/ssl_session.cc
+++ b/ssl/ssl_session.cc
@@ -913,6 +913,11 @@
return session->x509_peer;
}
+const STACK_OF(CRYPTO_BUFFER) *
+ SSL_SESSION_get0_peer_certificates(const SSL_SESSION *session) {
+ return session->certs;
+}
+
size_t SSL_SESSION_get_master_key(const SSL_SESSION *session, uint8_t *out,
size_t max_out) {
// TODO(davidben): Fix master_key_length's type and remove these casts.
diff --git a/util/doc.go b/util/doc.go
index 2d5a297..040ac79 100644
--- a/util/doc.go
+++ b/util/doc.go
@@ -17,6 +17,7 @@
"io/ioutil"
"os"
"path/filepath"
+ "regexp"
"strings"
)
@@ -216,6 +217,9 @@
return ""
}
+var stackOfRegexp = regexp.MustCompile(`STACK_OF\(([^)]*)\)`)
+var lhashOfRegexp = regexp.MustCompile(`LHASH_OF\(([^)]*)\)`)
+
func getNameFromDecl(decl string) (string, bool) {
for strings.HasPrefix(decl, "#if") || strings.HasPrefix(decl, "#elif") {
decl = skipLine(decl)
@@ -249,8 +253,9 @@
return decl[:i], true
}
decl = strings.TrimPrefix(decl, "OPENSSL_EXPORT ")
- decl = strings.TrimPrefix(decl, "STACK_OF(")
- decl = strings.TrimPrefix(decl, "LHASH_OF(")
+ decl = strings.TrimPrefix(decl, "const ")
+ decl = stackOfRegexp.ReplaceAllString(decl, "STACK_OF_$1")
+ decl = lhashOfRegexp.ReplaceAllString(decl, "LHASH_OF_$1")
i := strings.Index(decl, "(")
if i < 0 {
return "", false