authordavidben@chromium.org <davidben@chromium.org@4ff67af0-8c30-449e-8e8b-ad334ec8d88c>2014-05-12 20:21:12 +0000
committerdavidben@chromium.org <davidben@chromium.org@4ff67af0-8c30-449e-8e8b-ad334ec8d88c>2014-05-12 20:21:12 +0000
commitaf1de6dffdeccfab8cc920fcf3681286490a1459 (patch)
tree67f3852f570e5bff485cd13b7237540c7d2bbfd4
parent7f0be5dc6cd354f962618d88faa1b1d2b8e32238 (diff)
downloadopenssl-af1de6dffdeccfab8cc920fcf3681286490a1459.tar.gz
Add SSL_get_client_certificate_types.
Exposes the certificate_types parameter in a CertificateRequest. BUG=165446 Review URL: https://codereview.chromium.org/254723002 git-svn-id: http://src.chromium.org/svn/trunk/deps/third_party/openssl@269864 4ff67af0-8c30-449e-8e8b-ad334ec8d88c
-rw-r--r--README.chromium3
-rw-r--r--openssl/include/openssl/ssl.h3
-rw-r--r--openssl/include/openssl/ssl3.h2
-rw-r--r--openssl/ssl/ssl.h3
-rw-r--r--openssl/ssl/ssl3.h2
-rw-r--r--openssl/ssl/ssl_cert.c15
-rw-r--r--patches.chromium/0015-export_certificate_types.patch80
7 files changed, 106 insertions, 2 deletions
diff --git a/README.chromium b/README.chromium
index 443a75d..8ffa5ea 100644
--- a/README.chromium
+++ b/README.chromium
@@ -212,6 +212,9 @@ located in patches.chromium/. Currently this consists of:
server bug. Some servers are intolerant to the last extension being empty.
See https://crbug.com/363583
+ export_certificate_types.patch
+ Export the certificate_types field in CertificateRequest.
+
**************************************************************************
Adding new Chromium patches:
diff --git a/openssl/include/openssl/ssl.h b/openssl/include/openssl/ssl.h
index fe92ccf..5faae95 100644
--- a/openssl/include/openssl/ssl.h
+++ b/openssl/include/openssl/ssl.h
@@ -1989,6 +1989,9 @@ STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s);
int SSL_add_client_CA(SSL *ssl,X509 *x);
int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x);
+void SSL_get_client_certificate_types(const SSL *s, const unsigned char **ctype,
+ size_t *ctype_num);
+
void SSL_set_connect_state(SSL *s);
void SSL_set_accept_state(SSL *s);
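Review bot: The new prototype for `SSL_get_client_certificate_types` carries no comment on who owns the buffer it hands back, and the implementation in ssl/ssl_cert.c stores a pointer into `s->s3->tmp.ctype`, so the caller receives memory that belongs to the SSL object. I would add above the declaration: `/* Sets |*ctype| to the certificate types from the peer's CertificateRequest and |*ctype_num| to their count. The buffer is owned by |s|: do not free it or use it after |s| is freed. */`. It is also worth stating that both out-pointers must be non-NULL, since the function writes through them unconditionally, and that the contents are presumably overwritten by a later handshake on the same connection. The identical declaration in openssl/ssl/ssl.h needs the same comment.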
diff --git a/openssl/include/openssl/ssl3.h b/openssl/include/openssl/ssl3.h
index 899c8a8..019e8d8 100644
--- a/openssl/include/openssl/ssl3.h
+++ b/openssl/include/openssl/ssl3.h
@@ -508,7 +508,7 @@ typedef struct ssl3_state_st
/* used for certificate requests */
int cert_req;
int ctype_num;
- char ctype[SSL3_CT_NUMBER];
+ unsigned char ctype[SSL3_CT_NUMBER];
STACK_OF(X509_NAME) *ca_names;
int use_rsa_tmp;
diff --git a/openssl/ssl/ssl.h b/openssl/ssl/ssl.h
index fe92ccf..5faae95 100644
--- a/openssl/ssl/ssl.h
+++ b/openssl/ssl/ssl.h
@@ -1989,6 +1989,9 @@ STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s);
int SSL_add_client_CA(SSL *ssl,X509 *x);
int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x);
+void SSL_get_client_certificate_types(const SSL *s, const unsigned char **ctype,
+ size_t *ctype_num);
+
void SSL_set_connect_state(SSL *s);
void SSL_set_accept_state(SSL *s);
diff --git a/openssl/ssl/ssl3.h b/openssl/ssl/ssl3.h
index 899c8a8..019e8d8 100644
--- a/openssl/ssl/ssl3.h
+++ b/openssl/ssl/ssl3.h
@@ -508,7 +508,7 @@ typedef struct ssl3_state_st
/* used for certificate requests */
int cert_req;
int ctype_num;
- char ctype[SSL3_CT_NUMBER];
+ unsigned char ctype[SSL3_CT_NUMBER];
STACK_OF(X509_NAME) *ca_names;
int use_rsa_tmp;
diff --git a/openssl/ssl/ssl_cert.c b/openssl/ssl/ssl_cert.c
index 5123a89..8a61650 100644
--- a/openssl/ssl/ssl_cert.c
+++ b/openssl/ssl/ssl_cert.c
@@ -655,6 +655,21 @@ int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x)
return(add_client_CA(&(ctx->client_CA),x));
}
+void SSL_get_client_certificate_types(const SSL *s, const unsigned char **ctype,
+ size_t *ctype_num)
+ {
+ if (s->s3 == NULL)
+ {
+ *ctype = NULL;
+ *ctype_num = 0;
+ return;
+ }
+
+ /* This always returns nothing for the server. */
+ *ctype = s->s3->tmp.ctype;
+ *ctype_num = s->s3->tmp.ctype_num;
+ }
+
static int xname_cmp(const X509_NAME * const *a, const X509_NAME * const *b)
{
return(X509_NAME_cmp(*a,*b));
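Review bot: `*ctype_num = s->s3->tmp.ctype_num;` converts an `int` field (declared as `int ctype_num;` in ssl3.h) to `size_t` with no range check, so a negative or oversized value would reach callers as a length far beyond the `SSL3_CT_NUMBER`-byte `ctype` array. The code that fills the field is outside this diff and presumably clamps it, but callers will walk the buffer using this length, so a guard here is cheap: `if (s->s3->tmp.ctype_num < 0 || s->s3->tmp.ctype_num > SSL3_CT_NUMBER) { *ctype = NULL; *ctype_num = 0; return; }`. The comment `/* This always returns nothing for the server. */` likewise depends on the server path never writing `tmp.ctype_num`, which this hunk does not show; if that is the contract, the comment should name where it is upheld. The same function body is carried in patches.chromium/0015-export_certificate_types.patch and would need the matching change.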
diff --git a/patches.chromium/0015-export_certificate_types.patch b/patches.chromium/0015-export_certificate_types.patch
new file mode 100644
index 0000000..e5c7f76
--- /dev/null
+++ b/patches.chromium/0015-export_certificate_types.patch
@@ -0,0 +1,80 @@
+diff --git android-openssl.orig/include/openssl/ssl.h android-openssl/include/openssl/ssl.h
+index a3944f1..e559608 100644
+--- android-openssl.orig/include/openssl/ssl.h
++++ android-openssl/include/openssl/ssl.h
+@@ -1982,6 +1982,9 @@ STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s);
+ int SSL_add_client_CA(SSL *ssl,X509 *x);
+ int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x);
+
++void SSL_get_client_certificate_types(const SSL *s, const unsigned char **ctype,
++ size_t *ctype_num);
++
+ void SSL_set_connect_state(SSL *s);
+ void SSL_set_accept_state(SSL *s);
+
+diff --git android-openssl.orig/include/openssl/ssl3.h android-openssl/include/openssl/ssl3.h
+index 899c8a8..019e8d8 100644
+--- android-openssl.orig/include/openssl/ssl3.h
++++ android-openssl/include/openssl/ssl3.h
+@@ -508,7 +508,7 @@ typedef struct ssl3_state_st
+ /* used for certificate requests */
+ int cert_req;
+ int ctype_num;
+- char ctype[SSL3_CT_NUMBER];
++ unsigned char ctype[SSL3_CT_NUMBER];
+ STACK_OF(X509_NAME) *ca_names;
+
+ int use_rsa_tmp;
+diff --git android-openssl.orig/ssl/ssl.h android-openssl/ssl/ssl.h
+index a3944f1..e559608 100644
+--- android-openssl.orig/ssl/ssl.h
++++ android-openssl/ssl/ssl.h
+@@ -1982,6 +1982,9 @@ STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s);
+ int SSL_add_client_CA(SSL *ssl,X509 *x);
+ int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x);
+
++void SSL_get_client_certificate_types(const SSL *s, const unsigned char **ctype,
++ size_t *ctype_num);
++
+ void SSL_set_connect_state(SSL *s);
+ void SSL_set_accept_state(SSL *s);
+
+diff --git android-openssl.orig/ssl/ssl3.h android-openssl/ssl/ssl3.h
+index 899c8a8..019e8d8 100644
+--- android-openssl.orig/ssl/ssl3.h
++++ android-openssl/ssl/ssl3.h
+@@ -508,7 +508,7 @@ typedef struct ssl3_state_st
+ /* used for certificate requests */
+ int cert_req;
+ int ctype_num;
+- char ctype[SSL3_CT_NUMBER];
++ unsigned char ctype[SSL3_CT_NUMBER];
+ STACK_OF(X509_NAME) *ca_names;
+
+ int use_rsa_tmp;
+diff --git android-openssl.orig/ssl/ssl_cert.c android-openssl/ssl/ssl_cert.c
+index 5123a89..8a61650 100644
+--- android-openssl.orig/ssl/ssl_cert.c
++++ android-openssl/ssl/ssl_cert.c
+@@ -655,6 +655,21 @@ int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x)
+ return(add_client_CA(&(ctx->client_CA),x));
+ }
+
++void SSL_get_client_certificate_types(const SSL *s, const unsigned char **ctype,
++ size_t *ctype_num)
++ {
++ if (s->s3 == NULL)
++ {
++ *ctype = NULL;
++ *ctype_num = 0;
++ return;
++ }
++
++ /* This always returns nothing for the server. */
++ *ctype = s->s3->tmp.ctype;
++ *ctype_num = s->s3->tmp.ctype_num;
++ }
++
+ static int xname_cmp(const X509_NAME * const *a, const X509_NAME * const *b)
+ {
+ return(X509_NAME_cmp(*a,*b));