Gitiles
Code Review Sign In
gerrit.openfyde.cn / boringssl.googlesource.com / boringssl / 4fac72e638c896c9fa30f5c6cd2fd7246f28f49e^! / . / ssl / ssl_lib.c
commit4fac72e638c896c9fa30f5c6cd2fd7246f28f49e[log] [tgz]
authorPaul Lietar <lietar@google.com>Wed Sep 09 13:44:55 2015 +0100
committerAdam Langley <agl@google.com>Fri Sep 11 21:52:26 2015 +0000
treeabf2cb50720f4d7514dcaab49d6a76207a268243
parent1bfce80b44c3b53fea90b90a59abc25bcff8c5ab [diff] [blame]
Add server-side support for Signed Certificate Timestamps.

Change-Id: Ifa44fef160fc9d67771eed165f8fc277f28a0222
Reviewed-on: https://boringssl-review.googlesource.com/5840
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 373dffb..574ae7b 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c

@@ -1385,6 +1385,20 @@
   *out_len = session->ocsp_response_length;
 }
 
+int SSL_CTX_set_signed_cert_timestamp_list(SSL_CTX *ctx, const uint8_t *list,
+                                           size_t list_len) {
+  OPENSSL_free(ctx->signed_cert_timestamp_list);
+  ctx->signed_cert_timestamp_list_length = 0;
+
+  ctx->signed_cert_timestamp_list = BUF_memdup(list, list_len);
+  if (ctx->signed_cert_timestamp_list == NULL) {
+    return 0;
+  }
+  ctx->signed_cert_timestamp_list_length = list_len;
+
+  return 1;
+}
+
 int SSL_CTX_set_ocsp_response(SSL_CTX *ctx, const uint8_t *response,
                               size_t response_len) {
   OPENSSL_free(ctx->ocsp_response);
@@ -1739,6 +1753,7 @@
   OPENSSL_free(ctx->tlsext_ellipticcurvelist);
   OPENSSL_free(ctx->alpn_client_proto_list);
   OPENSSL_free(ctx->ocsp_response);
+  OPENSSL_free(ctx->signed_cert_timestamp_list);
   EVP_PKEY_free(ctx->tlsext_channel_id_private);
   BIO_free(ctx->keylog_bio);