diff options
author | David Benjamin <davidben@chromium.org> | 2014-08-27 15:25:21 -0400 |
---|---|---|
committer | Adam Langley <agl@google.com> | 2014-08-28 00:42:20 +0000 |
commit | 041b58a6684d2f032f66fa45b0e35f50f9a0fa40 (patch) | |
tree | a06b61896cbf84ed19b43809719b6c1a74fb48c5 | |
parent | 457112e1973251a721ae419128d7108844d3c1a3 (diff) | |
download | src-041b58a6684d2f032f66fa45b0e35f50f9a0fa40.tar.gz |
Remove session_ctx macro.
Don't pollute the embedder's namespace with a session_ctx macro. It looks like
the difference was that, without TLS extensions, session_ctx was ctx rather
than initial_ctx. Now it's always initial_ctx. Retain the semantics of
switching SSL_CTX's out after the fact, until/unless we decide to replace that
with something less scary-sounding.
Change-Id: Ie5df5138aec25218ca80031cf645671968b8a54a
Reviewed-on: https://boringssl-review.googlesource.com/1663
Reviewed-by: Adam Langley <agl@google.com>
-rw-r--r-- | include/openssl/ssl.h | 2 | ||||
-rw-r--r-- | ssl/ssl_lib.c | 14 | ||||
-rw-r--r-- | ssl/ssl_sess.c | 30 |
3 files changed, 22 insertions, 24 deletions
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index de91feb..0100fb9 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -1396,8 +1396,6 @@ struct ssl_st uint8_t *next_proto_negotiated; size_t next_proto_negotiated_len; -#define session_ctx initial_ctx - STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; /* What we'll do */ SRTP_PROTECTION_PROFILE *srtp_profile; /* What's been chosen */ diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index d6f6bdc..01d59c4 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -2344,14 +2344,14 @@ void ssl_update_cache(SSL *s,int mode) * and it would be rather hard to do anyway :-) */ if (s->session->session_id_length == 0) return; - i=s->session_ctx->session_cache_mode; + i=s->initial_ctx->session_cache_mode; if ((i & mode) && (!s->hit) && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE) - || SSL_CTX_add_session(s->session_ctx,s->session)) - && (s->session_ctx->new_session_cb != NULL)) + || SSL_CTX_add_session(s->initial_ctx,s->session)) + && (s->initial_ctx->new_session_cb != NULL)) { CRYPTO_add(&s->session->references,1,CRYPTO_LOCK_SSL_SESSION); - if (!s->session_ctx->new_session_cb(s,s->session)) + if (!s->initial_ctx->new_session_cb(s,s->session)) SSL_SESSION_free(s->session); } @@ -2360,10 +2360,10 @@ void ssl_update_cache(SSL *s,int mode) ((i & mode) == mode)) { if ( (((mode & SSL_SESS_CACHE_CLIENT) - ?s->session_ctx->stats.sess_connect_good - :s->session_ctx->stats.sess_accept_good) & 0xff) == 0xff) + ?s->initial_ctx->stats.sess_connect_good + :s->initial_ctx->stats.sess_accept_good) & 0xff) == 0xff) { - SSL_CTX_flush_sessions(s->session_ctx,(unsigned long)time(NULL)); + SSL_CTX_flush_sessions(s->initial_ctx,(unsigned long)time(NULL)); } } } diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index bc20e86..c48c64b 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -272,8 +272,8 @@ int ssl_get_new_session(SSL *s, int session) if ((ss=SSL_SESSION_new()) == NULL) return(0); /* If the context has a default timeout, use it over the default. */ - if (s->session_ctx->session_timeout != 0) - ss->timeout=s->session_ctx->session_timeout; + if (s->initial_ctx->session_timeout != 0) + ss->timeout=s->initial_ctx->session_timeout; if (s->session != NULL) { @@ -334,8 +334,8 @@ int ssl_get_new_session(SSL *s, int session) CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); if(s->generate_session_id) cb = s->generate_session_id; - else if(s->session_ctx->generate_session_id) - cb = s->session_ctx->generate_session_id; + else if(s->initial_ctx->generate_session_id) + cb = s->initial_ctx->generate_session_id; CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); /* Choose a session ID */ tmp = ss->session_id_length; @@ -458,7 +458,7 @@ int ssl_get_prev_session(SSL *s, const struct ssl_early_callback_ctx *ctx) if (try_session_cache && ret == NULL && - !(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP)) + !(s->initial_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP)) { SSL_SESSION data; data.ssl_version=s->version; @@ -467,7 +467,7 @@ int ssl_get_prev_session(SSL *s, const struct ssl_early_callback_ctx *ctx) return 0; memcpy(data.session_id,ctx->session_id,ctx->session_id_len); CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); - ret=lh_SSL_SESSION_retrieve(s->session_ctx->sessions,&data); + ret=lh_SSL_SESSION_retrieve(s->initial_ctx->sessions,&data); if (ret != NULL) { /* don't allow other threads to steal it: */ @@ -475,16 +475,16 @@ int ssl_get_prev_session(SSL *s, const struct ssl_early_callback_ctx *ctx) } CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); if (ret == NULL) - s->session_ctx->stats.sess_miss++; + s->initial_ctx->stats.sess_miss++; } if (try_session_cache && ret == NULL && - s->session_ctx->get_session_cb != NULL) + s->initial_ctx->get_session_cb != NULL) { int copy=1; - if ((ret=s->session_ctx->get_session_cb(s,(unsigned char *) ctx->session_id,ctx->session_id_len,©))) + if ((ret=s->initial_ctx->get_session_cb(s,(unsigned char *) ctx->session_id,ctx->session_id_len,©))) { if (ret == SSL_magic_pending_session_ptr()) { @@ -493,7 +493,7 @@ int ssl_get_prev_session(SSL *s, const struct ssl_early_callback_ctx *ctx) * figure out the session asynchronously. */ return PENDING_SESSION; } - s->session_ctx->stats.sess_cb_hit++; + s->initial_ctx->stats.sess_cb_hit++; /* Increment reference count now if the session callback * asks us to do so (note that if the session structures @@ -505,10 +505,10 @@ int ssl_get_prev_session(SSL *s, const struct ssl_early_callback_ctx *ctx) /* Add the externally cached session to the internal * cache as well if and only if we are supposed to. */ - if(!(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE)) + if(!(s->initial_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE)) /* The following should not return 1, otherwise, * things are very strange */ - SSL_CTX_add_session(s->session_ctx,ret); + SSL_CTX_add_session(s->initial_ctx,ret); } } @@ -544,16 +544,16 @@ int ssl_get_prev_session(SSL *s, const struct ssl_early_callback_ctx *ctx) if (ret->timeout < (long)(time(NULL) - ret->time)) /* timeout */ { - s->session_ctx->stats.sess_timeout++; + s->initial_ctx->stats.sess_timeout++; if (try_session_cache) { /* session was from the cache, so remove it */ - SSL_CTX_remove_session(s->session_ctx,ret); + SSL_CTX_remove_session(s->initial_ctx,ret); } goto err; } - s->session_ctx->stats.sess_hit++; + s->initial_ctx->stats.sess_hit++; if (s->session != NULL) SSL_SESSION_free(s->session); |