Move some fields from tmp to hs.

This releases memory associated with them after the handshake. Note this
changes the behavior of |SSL_get0_certificate_types| and
|SSL_get_client_CA_list| slightly. Both functions now return NULL
outside of the handshake. But they were already documented to return
something undefined when not called at the CertificateRequest.

A survey of callers finds none that would care. (Note
SSL_get_client_CA_list is used both as a getter for the corresponding
server config setter and to report client handshake properties. Only the
latter is affected.) It's also pretty difficult to imagine why a caller
would wish to query this stuff at any other time, and there are clear
benefits to dropping the CA list after the handshake (some servers send
ABSURDLY large lists).

Change-Id: I3ac3b601ff0cfa601881ce77ae33d99bb5327004
Reviewed-on: https://boringssl-review.googlesource.com/11521
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 0c5a7af..9c6d08e 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -395,7 +395,11 @@
    * |SSL_set_connect_state|. If |handshake_func| is NULL, |ssl| is in an
    * indeterminate mode and |ssl->server| is unset. */
   if (ssl->handshake_func != NULL && !ssl->server) {
-    return ssl->s3->tmp.ca_names;
+    if (ssl->s3->hs != NULL) {
+      return ssl->s3->hs->ca_names;
+    }
+
+    return NULL;
   }
 
   if (ssl->client_CA != NULL) {
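Review bot: The new `return NULL;` in the client branch, and the `ssl->s3->hs->ca_names` return above it, need a comment stating the lifetime contract. The commit message says these fields are released after the handshake. The pointer returned from `hs` is therefore only valid while the handshake is in progress, and a caller that stores it past the certificate callback would hold a dangling reference. The existing comment above the `if` only explains the `handshake_func` and `server` check. Suggest a short note here, such as "the CA list is owned by |hs| and is only available during the handshake", and the same wording in the public documentation for |SSL_get_client_CA_list|. Separately, a client outside the handshake now returns NULL rather than falling through to the `ssl->client_CA` check below. That matches the message's statement that only the handshake-property use is affected, but a test asserting NULL after handshake completion would pin the behavior down.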