Google Git
Sign in
chromium / external / netty-tcnative / 2e0f9503f3d4efe6fc3f70077f22471e83ffb446^! / .
commit2e0f9503f3d4efe6fc3f70077f22471e83ffb446[log] [tgz]
authorDavid Benjamin <davidben@chromium.org>Mon Feb 06 20:48:01 2017
committerDavid Benjamin <davidben@chromium.org>Mon Feb 06 20:48:01 2017
tree7c9b08ffa44644c6d18181278703eecbaf7c178b
parentdba66573998801a08ea41b605b1629857ae02a6b [diff]
Don't reach into BoringSSL internals.

This backports 025da0aad4f9c2fdeebb64bcebf11bbf2c12a2bd and
fd68c837b156ddb4b054e03d99a401e93068b34d from upstream.

diff --git a/c/ssl.c b/c/ssl.c
index 97c7982..f8302d4 100644
--- a/c/ssl.c
+++ b/c/ssl.c

@@ -1707,13 +1707,15 @@
 TCN_IMPLEMENT_CALL(jlong, SSL, getTime)(TCN_STDARGS, jlong ssl)
 {
     SSL *ssl_ = J2P(ssl, SSL *);
+    SSL_SESSION *session = NULL;
 
     if (ssl_ == NULL) {
         tcn_ThrowException(e, "ssl is null");
         return 0;
     }
 
-    if (ssl_->session == NULL) {
+    session = SSL_get_session(ssl_);
+    if (session == NULL) {
         // BoringSSL does not protect against a NULL session. OpenSSL
         // returns 0 if the session is NULL, so do that here.
         return 0;
@@ -1721,20 +1723,22 @@
 
     UNREFERENCED(o);
 
-    return SSL_get_time(ssl_->session);
+    return SSL_get_time(session);
 }
 
 
 TCN_IMPLEMENT_CALL(jlong, SSL, getTimeout)(TCN_STDARGS, jlong ssl)
 {
     SSL *ssl_ = J2P(ssl, SSL *);
+    SSL_SESSION *session = NULL;
 
     if (ssl_ == NULL) {
         tcn_ThrowException(e, "ssl is null");
         return 0;
     }
 
-    if (ssl_->session == NULL) {
+    session = SSL_get_session(ssl_);
+    if (session == NULL) {
         // BoringSSL does not protect against a NULL session. OpenSSL
         // returns 0 if the session is NULL, so do that here.
         return 0;
@@ -1742,19 +1746,22 @@
 
     UNREFERENCED(o);
 
-    return SSL_get_timeout(ssl_->session);
+    return SSL_get_timeout(session);
 }
 
 
 TCN_IMPLEMENT_CALL(jlong, SSL, setTimeout)(TCN_STDARGS, jlong ssl, jlong seconds)
 {
     SSL *ssl_ = J2P(ssl, SSL *);
+    SSL_SESSION *session = NULL;
 
     if (ssl_ == NULL) {
         tcn_ThrowException(e, "ssl is null");
         return 0;
     }
-    if (ssl_->session == NULL) {
+
+    session = SSL_get_session(ssl_);
+    if (session == NULL) {
         // BoringSSL does not protect against a NULL session. OpenSSL
         // returns 0 if the session is NULL, so do that here.
         return 0;
@@ -1762,7 +1769,7 @@
 
     UNREFERENCED(o);
 
-    return SSL_set_timeout(ssl_->session, seconds);
+    return SSL_set_timeout(session, seconds);
 }
 
 

diff --git a/c/sslcontext.c b/c/sslcontext.c
index 78afe61..78ad316 100644
--- a/c/sslcontext.c
+++ b/c/sslcontext.c

@@ -1459,7 +1459,7 @@
 
 static const char* authentication_method(const SSL* ssl) {
 {
-    switch (ssl->version)
+    switch (SSL_version(ssl))
         {
         case SSL2_VERSION:
             return SSL_TXT_RSA;