Add |X509_METHOD| and, using it, move many functions to ssl_x509.c.
Change-Id: I266af0c2bdcebcc1dd1026f816b9ef6ece5a592f
Reviewed-on: https://boringssl-review.googlesource.com/13581
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 96ea64b..7fc7233 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -248,6 +248,7 @@
OPENSSL_memset(ret, 0, sizeof(SSL_CTX));
ret->method = method->method;
+ ret->x509_method = method->x509_method;
CRYPTO_MUTEX_init(&ret->lock);
@@ -261,7 +262,7 @@
ret->max_cert_list = SSL_MAX_CERT_LIST_DEFAULT;
ret->verify_mode = SSL_VERIFY_NONE;
- ret->cert = ssl_cert_new();
+ ret->cert = ssl_cert_new(method->x509_method);
if (ret->cert == NULL) {
goto err;
}
@@ -2058,6 +2059,12 @@
return ssl->ctx;
}
+ /* One cannot change the X.509 callbacks during a connection. */
+ if (ssl->ctx->x509_method != ctx->x509_method) {
+ assert(0);
+ return NULL;
+ }
+
if (ctx == NULL) {
ctx = ssl->initial_ctx;
}
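Review bot: The added comparison reads `ctx->x509_method` before the `if (ctx == NULL)` fallback just below it, so a caller passing a NULL `ctx` would hit a NULL pointer dereference instead of being switched to `ssl->initial_ctx`. The existing fallback suggests NULL is an accepted argument. If it is, resolve the fallback first by moving the `if (ctx == NULL) { ctx = ssl->initial_ctx; }` block above the new check, or guard the check as `if (ctx != NULL && ssl->ctx->x509_method != ctx->x509_method) {`. Also, `assert(0)` is compiled out under NDEBUG, so release builds report the mismatch only through the NULL return. A short comment saying that callers must check the result would help. The function starts and continues outside this hunk, so the early-return condition above and the code after the fallback are not visible here.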