From 3a3b1973279105d8db80c90b331a82e1877e5f28 Mon Sep 17 00:00:00 2001
From: Alexey Kuzmin <alex.s.kuzmin@gmail.com>
Date: Tue, 6 Nov 2018 17:07:09 +0100
Subject: [PATCH] fix: update the "SSL_get_tlsext_status_type" patch (#15587)

It has been upstreamed by @nornagon
https://github.com/google/boringssl/commit/c0c9001440db8121bdc1ff1307b3a9aedf26fcd8
---
 patches/common/boringssl/.patches             |  2 +-
 ...implement-SSL_get_tlsext_status_type.patch | 40 -------------
 ...implement_ssl_get_tlsext_status_type.patch | 58 +++++++++++++++++++
 3 files changed, 59 insertions(+), 41 deletions(-)
 delete mode 100644 patches/common/boringssl/implement-SSL_get_tlsext_status_type.patch
 create mode 100644 patches/common/boringssl/implement_ssl_get_tlsext_status_type.patch

diff --git a/patches/common/boringssl/.patches b/patches/common/boringssl/.patches
index ceec4586db58a..eb67e3c35a07b 100644
--- a/patches/common/boringssl/.patches
+++ b/patches/common/boringssl/.patches
@@ -1 +1 @@
-implement-SSL_get_tlsext_status_type.patch
+implement_ssl_get_tlsext_status_type.patch
diff --git a/patches/common/boringssl/implement-SSL_get_tlsext_status_type.patch b/patches/common/boringssl/implement-SSL_get_tlsext_status_type.patch
deleted file mode 100644
index b05f9359dbd4e..0000000000000
--- a/patches/common/boringssl/implement-SSL_get_tlsext_status_type.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Aleksei Kuzmin <alkuzmin@microsoft.com>
-Date: Mon, 22 Oct 2018 10:46:33 -0700
-Subject: implement-SSL_get_tlsext_status_type.patch
-
-BoringSSL doesn't implement `SSL_get_tlsext_status_type()`,
-but Node.js expects it to be present cause OpenSSL has it.
-
-diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
-index f693030a8a7c4bf79dd791e1abd0e94f8e97a292..59c1881b34289401e6c998cd266cb1e2fb8f7cc9 100644
---- a/include/openssl/ssl.h
-+++ b/include/openssl/ssl.h
-@@ -4293,6 +4293,8 @@ OPENSSL_EXPORT int OPENSSL_init_ssl(uint64_t opts,
- // Use |SSL_enable_ocsp_stapling| instead.
- OPENSSL_EXPORT int SSL_set_tlsext_status_type(SSL *ssl, int type);
- 
-+OPENSSL_EXPORT int SSL_get_tlsext_status_type(SSL *ssl);
-+
- // SSL_set_tlsext_status_ocsp_resp sets the OCSP response. It returns one on
- // success and zero on error. On success, |ssl| takes ownership of |resp|, which
- // must have been allocated by |OPENSSL_malloc|.
-diff --git a/ssl/ssl_lib.cc b/ssl/ssl_lib.cc
-index c68968a514b76717d4c42448ef4b9c440c330fb2..c82ffeaa37268e54c6b142b31706d478ba93ff63 100644
---- a/ssl/ssl_lib.cc
-+++ b/ssl/ssl_lib.cc
-@@ -2896,6 +2896,14 @@ int SSL_set_tlsext_status_type(SSL *ssl, int type) {
-   return 1;
- }
- 
-+int SSL_get_tlsext_status_type(SSL *ssl) {
-+  if (ssl->config->ocsp_stapling_enabled) {
-+    return TLSEXT_STATUSTYPE_ocsp;
-+  }
-+
-+  return TLSEXT_STATUSTYPE_nothing;
-+}
-+
- int SSL_set_tlsext_status_ocsp_resp(SSL *ssl, uint8_t *resp, size_t resp_len) {
-   if (SSL_set_ocsp_response(ssl, resp, resp_len)) {
-     OPENSSL_free(resp);
diff --git a/patches/common/boringssl/implement_ssl_get_tlsext_status_type.patch b/patches/common/boringssl/implement_ssl_get_tlsext_status_type.patch
new file mode 100644
index 0000000000000..1dab9c66d8c06
--- /dev/null
+++ b/patches/common/boringssl/implement_ssl_get_tlsext_status_type.patch
@@ -0,0 +1,58 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Jeremy Apthorp <jeremya@chromium.org>
+Date: Thu, 18 Oct 2018 14:18:05 -0700
+Subject: Implement SSL_get_tlsext_status_type
+
+It's used by Node.js[1], and is simple to implement.
+
+[1]: https://github.com/nodejs/node/blob/e2f58c71ddf0f91256cc85e6bb226a068256c5eb/src/node_crypto.cc#L2390
+
+Change-Id: Ie5c76b848623d00f7478aeae0214c25472de523c
+Reviewed-on: https://boringssl-review.googlesource.com/c/32525
+Reviewed-by: David Benjamin <davidben@google.com>
+Commit-Queue: David Benjamin <davidben@google.com>
+CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
+
+diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
+index ae8b8385fc73701a4346202f213b5974af4e2aed..0f3d1747173ffb09eafd5c7d5d692ae3c35c9874 100644
+--- a/include/openssl/ssl.h
++++ b/include/openssl/ssl.h
+@@ -4268,6 +4268,14 @@ OPENSSL_EXPORT int OPENSSL_init_ssl(uint64_t opts,
+ // Use |SSL_enable_ocsp_stapling| instead.
+ OPENSSL_EXPORT int SSL_set_tlsext_status_type(SSL *ssl, int type);
+ 
++// SSL_get_tlsext_status_type returns |TLSEXT_STATUSTYPE_ocsp| if the client
++// requested OCSP stapling and |TLSEXT_STATUSTYPE_nothing| otherwise. On the
++// client, this reflects whether OCSP stapling was enabled via, e.g.,
++// |SSL_set_tlsext_status_type|. On the server, this is determined during the
++// handshake. It may be queried in callbacks set by |SSL_CTX_set_cert_cb|. The
++// result is undefined after the handshake completes.
++OPENSSL_EXPORT int SSL_get_tlsext_status_type(const SSL *ssl);
++
+ // SSL_set_tlsext_status_ocsp_resp sets the OCSP response. It returns one on
+ // success and zero on error. On success, |ssl| takes ownership of |resp|, which
+ // must have been allocated by |OPENSSL_malloc|.
+diff --git a/ssl/ssl_lib.cc b/ssl/ssl_lib.cc
+index 9c16de4958ef29d638e05e0f90b9b15b11b15cac..1f648658b8cb6ae7b82132b276b927e8fb11a47a 100644
+--- a/ssl/ssl_lib.cc
++++ b/ssl/ssl_lib.cc
+@@ -2751,6 +2751,19 @@ int SSL_set_tlsext_status_type(SSL *ssl, int type) {
+   return 1;
+ }
+ 
++int SSL_get_tlsext_status_type(const SSL *ssl) {
++  if (ssl->server) {
++    SSL_HANDSHAKE *hs = ssl->s3->hs.get();
++    return hs != nullptr && hs->ocsp_stapling_requested
++        ? TLSEXT_STATUSTYPE_ocsp
++        : TLSEXT_STATUSTYPE_nothing;
++  }
++
++  return ssl->config != nullptr && ssl->config->ocsp_stapling_enabled
++             ? TLSEXT_STATUSTYPE_ocsp
++             : TLSEXT_STATUSTYPE_nothing;
++}
++
+ int SSL_set_tlsext_status_ocsp_resp(SSL *ssl, uint8_t *resp, size_t resp_len) {
+   if (SSL_set_ocsp_response(ssl, resp, resp_len)) {
+     OPENSSL_free(resp);