Remove SSL_state and SSL_set_state SSL_state has been replaced by SSL_get_state and SSL_set_state is no longer supported. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
diff --git a/CHANGES b/CHANGES index 34ad355..46f058a 100644 --- a/CHANGES +++ b/CHANGES
@@ -7,12 +7,14 @@ *) State machine rewrite. The state machine code has been significantly refactored in order to remove much duplication of code and solve issues with the old code (see ssl/statem/README for further details). This change - does have some associated API changes. Notably SSL_get_state/SSL_state now - returns an "OSSL_HANDSHAKE_STATE" instead of an int. The previous handshake - states defined in ssl.h and ssl3.h have been redefined to be the nearest - equivalent OSS_HANDSHAKE_STATE value. Not all states have an equivalent - value, (e.g. SSL_ST_CW_FLUSH). New application code should not use the old - handshake state values, but should instead use OSSL_HANDSHAKE_STATE. + does have some associated API changes. Notably the SSL_state() function + has been removed and replaced by SSL_get_state which now returns an + "OSSL_HANDSHAKE_STATE" instead of an int. SSL_set_state() has been removed + altogether. The previous handshake states defined in ssl.h and ssl3.h have + been redefined to be the nearest equivalent OSS_HANDSHAKE_STATE value. Not + all states have an equivalent value, (e.g. SSL_ST_CW_FLUSH). New + application code should not use the old handshake state values, but should + instead use OSSL_HANDSHAKE_STATE. [Matt Caswell] *) The demo files in crypto/threads were moved to demo/threads.
diff --git a/apps/s_server.c b/apps/s_server.c index f897c4f..aa01d43 100644 --- a/apps/s_server.c +++ b/apps/s_server.c
@@ -2428,7 +2428,7 @@ #ifdef CERT_CB_TEST_RETRY { while (i <= 0 && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP - && SSL_state(con) == TLS_ST_SR_CLNT_HELLO) { + && SSL_get_state(con) == TLS_ST_SR_CLNT_HELLO) { BIO_printf(bio_err, "LOOKUP from certificate callback during accept\n"); i = SSL_accept(con);
diff --git a/doc/ssl/ssl.pod b/doc/ssl/ssl.pod index c8c577d..9413907 100644 --- a/doc/ssl/ssl.pod +++ b/doc/ssl/ssl.pod
@@ -624,7 +624,7 @@ =item int B<SSL_shutdown>(SSL *ssl); -=item OSSL_HANDSHAKE_STATE B<SSL_state>(const SSL *ssl); +=item OSSL_HANDSHAKE_STATE B<SSL_get_state>(const SSL *ssl); Returns the current handshake state.
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index a810da7..eb8e599 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h
@@ -1006,7 +1006,6 @@ # define SSL_CB_HANDSHAKE_DONE 0x20 /* Is the SSL_connection established? */ -# define SSL_get_state(a) SSL_state(a) # define SSL_in_connect_init(a) (SSL_in_init(a) && !SSL_is_server(a)) # define SSL_in_accept_init(a) (SSL_in_init(a) && SSL_is_server(a)) int SSL_in_init(SSL *s); @@ -1700,8 +1699,7 @@ void (*cb) (const SSL *ssl, int type, int val)); void (*SSL_get_info_callback(const SSL *ssl)) (const SSL *ssl, int type, int val); -__owur OSSL_HANDSHAKE_STATE SSL_state(const SSL *ssl); -void SSL_set_state(SSL *ssl, OSSL_HANDSHAKE_STATE state); +__owur OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl); void SSL_set_verify_result(SSL *ssl, long v); __owur long SSL_get_verify_result(const SSL *ssl);
diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c index 1bfdd28..9992037 100644 --- a/ssl/record/rec_layer_d1.c +++ b/ssl/record/rec_layer_d1.c
@@ -283,8 +283,8 @@ #ifndef OPENSSL_NO_SCTP /* Store bio_dgram_sctp_rcvinfo struct */ if (BIO_dgram_is_sctp(SSL_get_rbio(s)) && - (SSL_state(s) == TLS_ST_SR_FINISHED - || SSL_state(s) == TLS_ST_CR_FINISHED)) { + (SSL_get_state(s) == TLS_ST_SR_FINISHED + || SSL_get_state(s) == TLS_ST_CR_FINISHED)) { BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SCTP_GET_RCVINFO, sizeof(rdata->recordinfo), &rdata->recordinfo); }
diff --git a/ssl/ssl_stat.c b/ssl/ssl_stat.c index 8b7257a..7857c4d 100644 --- a/ssl/ssl_stat.c +++ b/ssl/ssl_stat.c
@@ -93,7 +93,7 @@ return "error"; } - switch (SSL_state(s)) { + switch (SSL_get_state(s)) { case TLS_ST_BEFORE: str = "before SSL initialization"; break; @@ -208,7 +208,7 @@ return "SSLERR"; } - switch (SSL_state(s)) { + switch (SSL_get_state(s)) { case TLS_ST_BEFORE: str = "PINIT "; break;
diff --git a/ssl/statem/statem.c b/ssl/statem/statem.c index ac795ab..dd7a260 100644 --- a/ssl/statem/statem.c +++ b/ssl/statem/statem.c
@@ -110,20 +110,11 @@ static void init_write_state_machine(SSL *s); static enum SUB_STATE_RETURN write_state_machine(SSL *s); -OSSL_HANDSHAKE_STATE SSL_state(const SSL *ssl) +OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl) { return ssl->statem.hand_state; } -void SSL_set_state(SSL *ssl, OSSL_HANDSHAKE_STATE state) -{ - /* - * This function seems like a really bad idea. Should we remove it - * completely? - */ - ssl->statem.hand_state = state; -} - int SSL_in_init(SSL *s) { return s->statem.in_init;