Make SSL_set_tlsext_status_ocsp_resp() a real function.

2 files changed, 13 insertions, 11 deletions

diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index f7b56cdf25..904c30dddd 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3407,6 +3407,15 @@ size_t SSL_get_tlsext_status_ocsp_resp(SSL *s, const unsigned char **resp)
 	 return s->tlsext_ocsp_resplen;
 	 }
 		
+void SSL_set_tlsext_status_ocsp_resp(SSL *s, unsigned char *resp,
+				     size_t resplen)
+	 {
+	 if (s->tlsext_ocsp_resp)
+		 OPENSSL_free(s->tlsext_ocsp_resp);
+	 s->tlsext_ocsp_resp = resp;
+	 s->tlsext_ocsp_resplen = resplen;
+	 }
+
 #endif  /* ndef OPENSSL_NO_TLSEXT */
 
 long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
@@ -3595,14 +3604,6 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
 		break;
 #endif
 
-	case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
-		if (s->tlsext_ocsp_resp)
-			OPENSSL_free(s->tlsext_ocsp_resp);
-		s->tlsext_ocsp_resp = parg;
-		s->tlsext_ocsp_resplen = larg;
-		ret = 1;
-		break;
-
 #ifndef OPENSSL_NO_HEARTBEATS
 	case SSL_CTRL_TLS_EXT_SEND_HEARTBEAT:
 		if (SSL_IS_DTLS(s))
diff --git a/ssl/tls1.h b/ssl/tls1.h
index fe92fc0689..f51b4c29bd 100644
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@@ -350,11 +350,12 @@ void SSL_set_tlsext_status_exts(SSL *s, STACK_OF(X509_EXTENSION) *exts);
 void SSL_get_tlsext_status_ids(SSL *s, STACK_OF(OCSP_RESPID) **ids);
 void SSL_set_tlsext_status_ids(SSL *s, STACK_OF(OCSP_RESPID) *ids);
 size_t SSL_get_tlsext_status_ocsp_resp(SSL *s, const unsigned char **resp);
+/* Note that this does NOT copy its argument, however it DOES OPENSSL_free()
+ * any previously set value. FIXME? */
+void SSL_set_tlsext_status_ocsp_resp(SSL *s, unsigned char *resp,
+				     size_t resplen);
 #endif  /* ndef OPENSSL_NO_TLSEXT */
 
-#define SSL_set_tlsext_status_ocsp_resp(ssl, arg, arglen) \
-SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP,arglen, (void *)arg)
-
 #define SSL_CTX_set_tlsext_servername_callback(ctx, cb) \
 SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_CB,(void (*)(void))cb)