commit c5ac2b6c78ecde42bcbb9cbe0fd9c2b5b66677bf
author Adam Langley <agl@google.com> Mon Nov 07 12:02:35 2016 -0800
committer David Benjamin <davidben@google.com> Wed Nov 09 20:07:57 2016 +0000
tree 20888caf9900d4bbf9caa92ed415751687de362f
parent a983b4c2489fe75e0655fc2984332295fd348cf6

Rename X.509 members in |SSL_SESSION| and |CERT|.

This change renames |peer| to |x509_peer| and |cert_chain| to
|x509_chain| in |SSL_SESSION|. It also renames |x509| to |x509_leaf| and
|chain| to |x509_chain| in |CERT|. (All with an eye to maybe making
them lazily initialised in the future).

This a) catches anyone who might be accessing these members directly and
b) makes space for |CRYPTO_BUFFER|-based values to take the unprefixed
names.

Change-Id: I10573304fb7d6f1ea03f9e645f7fc0acdaf71ac2
Reviewed-on: https://boringssl-review.googlesource.com/12162
Reviewed-by: David Benjamin <davidben@google.com>

ssl/handshake_client.c

diff --git a/ssl/handshake_client.c b/ssl/handshake_client.c
index 311e9fd..64d3941 100644
--- a/ssl/handshake_client.c
+++ b/ssl/handshake_client.c
@@ -1049,14 +1049,14 @@
     goto err;
   }
 
-  /* NOTE: Unlike the server half, the client's copy of |cert_chain| includes
+  /* NOTE: Unlike the server half, the client's copy of |x509_chain| includes
    * the leaf. */
-  sk_X509_pop_free(ssl->s3->new_session->cert_chain, X509_free);
-  ssl->s3->new_session->cert_chain = chain;
+  sk_X509_pop_free(ssl->s3->new_session->x509_chain, X509_free);
+  ssl->s3->new_session->x509_chain = chain;
 
-  X509_free(ssl->s3->new_session->peer);
+  X509_free(ssl->s3->new_session->x509_peer);
   X509_up_ref(leaf);
-  ssl->s3->new_session->peer = leaf;
+  ssl->s3->new_session->x509_peer = leaf;
 
   return 1;
 
@@ -1108,7 +1108,7 @@
 
 static int ssl3_verify_server_cert(SSL *ssl) {
   if (!ssl_verify_cert_chain(ssl, &ssl->s3->new_session->verify_result,
-                             ssl->s3->new_session->cert_chain)) {
+                             ssl->s3->new_session->x509_chain)) {
     return -1;
   }
 
@@ -1282,7 +1282,7 @@
 
   /* ServerKeyExchange should be signed by the server's public key. */
   if (ssl_cipher_uses_certificate_auth(ssl->s3->tmp.new_cipher)) {
-    pkey = X509_get_pubkey(ssl->s3->new_session->peer);
+    pkey = X509_get_pubkey(ssl->s3->new_session->x509_peer);
     if (pkey == NULL) {
       goto err;
     }
@@ -1570,7 +1570,7 @@
       goto err;
     }
 
-    EVP_PKEY *pkey = X509_get_pubkey(ssl->s3->new_session->peer);
+    EVP_PKEY *pkey = X509_get_pubkey(ssl->s3->new_session->x509_peer);
     if (pkey == NULL) {
       goto err;
     }