Forbid the server certificate from changing on renego. This allows us to move the code from Chrome into BoringSSL itself. BUG=126 Change-Id: I04b4f63008a6de0a58dd6c685c78e9edd06deda6 Reviewed-on: https://boringssl-review.googlesource.com/14028 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>

commit: a58baaf9e68f887a9e1daf88cb25d911a376851f [log] [tgz]
author: David Benjamin <davidben@google.com> Tue Feb 28 20:54:28 2017 -0500
committer: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Wed Mar 01 23:26:50 2017 +0000
tree: 155a122f23b74e85247d3042a9cbacdab0672612
parent: ad8f5e1de94676fd674178705beb1e9697a67ab3 [diff] [blame]
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index dedabb0..2e0c808 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h

@@ -4464,6 +4464,7 @@
 #define SSL_R_TOO_MUCH_SKIPPED_EARLY_DATA 270
 #define SSL_R_PSK_IDENTITY_BINDER_COUNT_MISMATCH 271
 #define SSL_R_CANNOT_PARSE_LEAF_CERT 272
+#define SSL_R_SERVER_CERT_CHANGED 273
 #define SSL_R_SSLV3_ALERT_CLOSE_NOTIFY 1000
 #define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010
 #define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020
commit	a58baaf9e68f887a9e1daf88cb25d911a376851f	[log] [tgz]
author	David Benjamin <davidben@google.com>	Tue Feb 28 20:54:28 2017 -0500
committer	CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>	Wed Mar 01 23:26:50 2017 +0000
tree	155a122f23b74e85247d3042a9cbacdab0672612
parent	ad8f5e1de94676fd674178705beb1e9697a67ab3 [diff] [blame]