Don't reach into BoringSSL internals.
This backports 025da0aad4f9c2fdeebb64bcebf11bbf2c12a2bd and
fd68c837b156ddb4b054e03d99a401e93068b34d from upstream.
diff --git a/c/ssl.c b/c/ssl.c
index 97c7982..f8302d4 100644
--- a/c/ssl.c
+++ b/c/ssl.c
@@ -1707,13 +1707,15 @@
TCN_IMPLEMENT_CALL(jlong, SSL, getTime)(TCN_STDARGS, jlong ssl)
{
SSL *ssl_ = J2P(ssl, SSL *);
+ SSL_SESSION *session = NULL;
if (ssl_ == NULL) {
tcn_ThrowException(e, "ssl is null");
return 0;
}
- if (ssl_->session == NULL) {
+ session = SSL_get_session(ssl_);
+ if (session == NULL) {
// BoringSSL does not protect against a NULL session. OpenSSL
// returns 0 if the session is NULL, so do that here.
return 0;
@@ -1721,20 +1723,22 @@
UNREFERENCED(o);
- return SSL_get_time(ssl_->session);
+ return SSL_get_time(session);
}
TCN_IMPLEMENT_CALL(jlong, SSL, getTimeout)(TCN_STDARGS, jlong ssl)
{
SSL *ssl_ = J2P(ssl, SSL *);
+ SSL_SESSION *session = NULL;
if (ssl_ == NULL) {
tcn_ThrowException(e, "ssl is null");
return 0;
}
- if (ssl_->session == NULL) {
+ session = SSL_get_session(ssl_);
+ if (session == NULL) {
// BoringSSL does not protect against a NULL session. OpenSSL
// returns 0 if the session is NULL, so do that here.
return 0;
@@ -1742,19 +1746,22 @@
UNREFERENCED(o);
- return SSL_get_timeout(ssl_->session);
+ return SSL_get_timeout(session);
}
TCN_IMPLEMENT_CALL(jlong, SSL, setTimeout)(TCN_STDARGS, jlong ssl, jlong seconds)
{
SSL *ssl_ = J2P(ssl, SSL *);
+ SSL_SESSION *session = NULL;
if (ssl_ == NULL) {
tcn_ThrowException(e, "ssl is null");
return 0;
}
- if (ssl_->session == NULL) {
+
+ session = SSL_get_session(ssl_);
+ if (session == NULL) {
// BoringSSL does not protect against a NULL session. OpenSSL
// returns 0 if the session is NULL, so do that here.
return 0;
@@ -1762,7 +1769,7 @@
UNREFERENCED(o);
- return SSL_set_timeout(ssl_->session, seconds);
+ return SSL_set_timeout(session, seconds);
}
diff --git a/c/sslcontext.c b/c/sslcontext.c
index 78afe61..78ad316 100644
--- a/c/sslcontext.c
+++ b/c/sslcontext.c
@@ -1459,7 +1459,7 @@
static const char* authentication_method(const SSL* ssl) {
{
- switch (ssl->version)
+ switch (SSL_version(ssl))
{
case SSL2_VERSION:
return SSL_TXT_RSA;