Clean up certificate auto-chaining. Rather than doing it right before outputing, treat this as a part of the pipeline to finalize the certificate chain, and run it right after cert_cb to modify the certificate configuration itself. This means nothing else in the stack needs to worry about this case existing. It also makes it easy to support in both TLS 1.2 and TLS 1.3. Change-Id: I6a088297a54449f1f5f5bb8b5385caa4e8665eb6 Reviewed-on: https://boringssl-review.googlesource.com/12966 Reviewed-by: Adam Langley <agl@google.com>

commit: 650aa1c80a4ae024012199f085e2e72200e4685e [log] [tgz]
author: David Benjamin <davidben@google.com> Tue Dec 20 18:55:16 2016 -0500
committer: Adam Langley <agl@google.com> Wed Jan 04 01:36:26 2017 +0000
tree: de0b6afbd8132ee11ea21ff8615a95c2849f8953
parent: d31148b175a430ab9d37159e4daca4cc4a2cac7c [diff] [blame]
diff --git a/ssl/handshake_client.c b/ssl/handshake_client.c
index 2791abc..7794ddd 100644
--- a/ssl/handshake_client.c
+++ b/ssl/handshake_client.c

@@ -1478,7 +1478,8 @@
     }
   }
 
-  if (!ssl3_output_cert_chain(ssl)) {
+  if (!ssl_auto_chain_if_needed(ssl) ||
+      !ssl3_output_cert_chain(ssl)) {
     return -1;
   }
   hs->state = SSL3_ST_CW_CERT_B;
commit	650aa1c80a4ae024012199f085e2e72200e4685e	[log] [tgz]
author	David Benjamin <davidben@google.com>	Tue Dec 20 18:55:16 2016 -0500
committer	Adam Langley <agl@google.com>	Wed Jan 04 01:36:26 2017 +0000
tree	de0b6afbd8132ee11ea21ff8615a95c2849f8953
parent	d31148b175a430ab9d37159e4daca4cc4a2cac7c [diff] [blame]