Revert "Add |SSL_CTX_set0_buffer_pool|." and "Hold certificates in an SSL_SESSION as CRYPTO_BUFFERSs as well."
This reverts commits 5a6e6169615f205cb788ec9e29aebdd148f586b0 and
e8509090cfa08213d1ab16b7a1201957d0c8f560. I'm going to unify how the
chains are kept in memory between client and server first; otherwise the
mess just keeps growing.
Change-Id: I76df0d94c9053b2454821d22a3c97951b6419831
Reviewed-on: https://boringssl-review.googlesource.com/12701
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/handshake_client.c b/ssl/handshake_client.c
index 2603fb2..028b905 100644
--- a/ssl/handshake_client.c
+++ b/ssl/handshake_client.c
@@ -1041,15 +1041,14 @@
CBS cbs;
CBS_init(&cbs, ssl->init_msg, ssl->init_num);
- STACK_OF(CRYPTO_BUFFER) *buffers = NULL;
- STACK_OF(X509) *chain = NULL;
uint8_t alert;
- if (!ssl_parse_cert_chain(ssl, &buffers, &chain, &alert, NULL, &cbs)) {
+ STACK_OF(X509) *chain = ssl_parse_cert_chain(ssl, &alert, NULL, &cbs);
+ if (chain == NULL) {
ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
goto err;
}
- if (sk_CRYPTO_BUFFER_num(buffers) == 0 || CBS_len(&cbs) != 0) {
+ if (sk_X509_num(chain) == 0 || CBS_len(&cbs) != 0) {
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
goto err;
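Review bot: `alert` is declared without an initializer just above the `ssl_parse_cert_chain` call and is passed to `ssl3_send_alert` when that call returns NULL, so the byte sent to the peer depends on the callee writing through `&alert` on every failure path. The callee is not visible in this hunk, so that cannot be confirmed from here. Initializing at the declaration, `uint8_t alert = SSL_AD_DECODE_ERROR;`, keeps a missed path from sending an indeterminate value. The enclosing function starts before this hunk and continues past it.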
@@ -1063,11 +1062,8 @@
/* NOTE: Unlike the server half, the client's copy of |x509_chain| includes
* the leaf. */
- sk_CRYPTO_BUFFER_pop_free(ssl->s3->new_session->certs, CRYPTO_BUFFER_free);
- ssl->s3->new_session->certs = buffers;
sk_X509_pop_free(ssl->s3->new_session->x509_chain, X509_free);
ssl->s3->new_session->x509_chain = chain;
- ssl->s3->new_session->x509_chain_should_include_leaf = 1;
X509_free(ssl->s3->new_session->x509_peer);
X509_up_ref(leaf);
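Review bot: After `ssl->s3->new_session->x509_chain = chain;` the session owns the stack, but the local `chain` still points at it, and the `err:` label further down frees `chain` with `sk_X509_pop_free`. The lines between this assignment and `return 1` are not all visible here, so there may be no `goto err` after the transfer today. If one is added later, the session would be left holding a freed chain. Adding `chain = NULL;` right after the assignment makes the ownership transfer explicit and the cleanup path safe. The enclosing function starts before this hunk and ends after it.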
@@ -1076,7 +1072,6 @@
return 1;
err:
- sk_CRYPTO_BUFFER_pop_free(buffers, CRYPTO_BUFFER_free);
sk_X509_pop_free(chain, X509_free);
return -1;
}