-rw-r--r--CHANGES14
-rw-r--r--apps/s_server.c2
-rw-r--r--doc/ssl/ssl.pod2
-rw-r--r--include/openssl/ssl.h4
-rw-r--r--ssl/record/rec_layer_d1.c4
-rw-r--r--ssl/ssl_stat.c4
-rw-r--r--ssl/statem/statem.c11
7 files changed, 16 insertions, 25 deletions
diff --git a/CHANGES b/CHANGES
index 34ad35595c..46f058a4b8 100644
--- a/CHANGES
+++ b/CHANGES
@@ -7,12 +7,14 @@
*) State machine rewrite. The state machine code has been significantly
refactored in order to remove much duplication of code and solve issues
with the old code (see ssl/statem/README for further details). This change
- does have some associated API changes. Notably SSL_get_state/SSL_state now
- returns an "OSSL_HANDSHAKE_STATE" instead of an int. The previous handshake
- states defined in ssl.h and ssl3.h have been redefined to be the nearest
- equivalent OSS_HANDSHAKE_STATE value. Not all states have an equivalent
- value, (e.g. SSL_ST_CW_FLUSH). New application code should not use the old
- handshake state values, but should instead use OSSL_HANDSHAKE_STATE.
+ does have some associated API changes. Notably the SSL_state() function
+ has been removed and replaced by SSL_get_state which now returns an
+ "OSSL_HANDSHAKE_STATE" instead of an int. SSL_set_state() has been removed
+ altogether. The previous handshake states defined in ssl.h and ssl3.h have
+ been redefined to be the nearest equivalent OSS_HANDSHAKE_STATE value. Not
+ all states have an equivalent value, (e.g. SSL_ST_CW_FLUSH). New
+ application code should not use the old handshake state values, but should
+ instead use OSSL_HANDSHAKE_STATE.
[Matt Caswell]
*) The demo files in crypto/threads were moved to demo/threads.
diff --git a/apps/s_server.c b/apps/s_server.c
index f897c4fb82..aa01d43fb1 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -2428,7 +2428,7 @@ static int init_ssl_connection(SSL *con)
#ifdef CERT_CB_TEST_RETRY
{
while (i <= 0 && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP
- && SSL_state(con) == TLS_ST_SR_CLNT_HELLO) {
+ && SSL_get_state(con) == TLS_ST_SR_CLNT_HELLO) {
BIO_printf(bio_err,
"LOOKUP from certificate callback during accept\n");
i = SSL_accept(con);
diff --git a/doc/ssl/ssl.pod b/doc/ssl/ssl.pod
index c8c577d83e..9413907b02 100644
--- a/doc/ssl/ssl.pod
+++ b/doc/ssl/ssl.pod
@@ -624,7 +624,7 @@ success or 0 on failure.
=item int B<SSL_shutdown>(SSL *ssl);
-=item OSSL_HANDSHAKE_STATE B<SSL_state>(const SSL *ssl);
+=item OSSL_HANDSHAKE_STATE B<SSL_get_state>(const SSL *ssl);
Returns the current handshake state.
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index a810da7759..eb8e599ae3 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -1006,7 +1006,6 @@ typedef enum {
# define SSL_CB_HANDSHAKE_DONE 0x20
/* Is the SSL_connection established? */
-# define SSL_get_state(a) SSL_state(a)
# define SSL_in_connect_init(a) (SSL_in_init(a) && !SSL_is_server(a))
# define SSL_in_accept_init(a) (SSL_in_init(a) && SSL_is_server(a))
int SSL_in_init(SSL *s);
@@ -1700,8 +1699,7 @@ void SSL_set_info_callback(SSL *ssl,
void (*cb) (const SSL *ssl, int type, int val));
void (*SSL_get_info_callback(const SSL *ssl)) (const SSL *ssl, int type,
int val);
-__owur OSSL_HANDSHAKE_STATE SSL_state(const SSL *ssl);
-void SSL_set_state(SSL *ssl, OSSL_HANDSHAKE_STATE state);
+__owur OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl);
void SSL_set_verify_result(SSL *ssl, long v);
__owur long SSL_get_verify_result(const SSL *ssl);
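Review bot: `SSL_state()` disappears from the public header here with no transitional alias, so existing callers that only read the handshake state stop compiling even though `SSL_get_state()` has the identical signature. If a hard break for read-only callers is not intended, a single `# define SSL_state(a) SSL_get_state(a)` next to the new prototype would keep them building. `SSL_set_state()` should stay removed either way, since it let application code overwrite the handshake state directly.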
diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c
index 1bfdd28552..9992037a9f 100644
--- a/ssl/record/rec_layer_d1.c
+++ b/ssl/record/rec_layer_d1.c
@@ -283,8 +283,8 @@ int dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
#ifndef OPENSSL_NO_SCTP
/* Store bio_dgram_sctp_rcvinfo struct */
if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
- (SSL_state(s) == TLS_ST_SR_FINISHED
- || SSL_state(s) == TLS_ST_CR_FINISHED)) {
+ (SSL_get_state(s) == TLS_ST_SR_FINISHED
+ || SSL_get_state(s) == TLS_ST_CR_FINISHED)) {
BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SCTP_GET_RCVINFO,
sizeof(rdata->recordinfo), &rdata->recordinfo);
}
diff --git a/ssl/ssl_stat.c b/ssl/ssl_stat.c
index 8b7257a06f..7857c4d75b 100644
--- a/ssl/ssl_stat.c
+++ b/ssl/ssl_stat.c
@@ -93,7 +93,7 @@ const char *SSL_state_string_long(const SSL *s)
return "error";
}
- switch (SSL_state(s)) {
+ switch (SSL_get_state(s)) {
case TLS_ST_BEFORE:
str = "before SSL initialization";
break;
@@ -208,7 +208,7 @@ const char *SSL_state_string(const SSL *s)
return "SSLERR";
}
- switch (SSL_state(s)) {
+ switch (SSL_get_state(s)) {
case TLS_ST_BEFORE:
str = "PINIT ";
break;
diff --git a/ssl/statem/statem.c b/ssl/statem/statem.c
index ac795ab052..dd7a260a26 100644
--- a/ssl/statem/statem.c
+++ b/ssl/statem/statem.c
@@ -110,20 +110,11 @@ static enum SUB_STATE_RETURN read_state_machine(SSL *s);
static void init_write_state_machine(SSL *s);
static enum SUB_STATE_RETURN write_state_machine(SSL *s);
-OSSL_HANDSHAKE_STATE SSL_state(const SSL *ssl)
+OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl)
{
return ssl->statem.hand_state;
}
-void SSL_set_state(SSL *ssl, OSSL_HANDSHAKE_STATE state)
-{
- /*
- * This function seems like a really bad idea. Should we remove it
- * completely?
- */
- ssl->statem.hand_state = state;
-}
-
int SSL_in_init(SSL *s)
{
return s->statem.in_init;
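Review bot: The reason there is no setter is lost along with the deleted comment, and `SSL_get_state()` is left without any comment at its definition. A short note above it, for example `/* Read-only accessor: hand_state must not be settable through the public API. */`, would help keep a later patch from reintroducing a write path. An application that can assign `hand_state` could place the connection in a state the handshake never actually reached, which appears to be the concern the removed comment was hinting at.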