authorJack Lloyd <[email protected]>2019-05-22 12:54:47 -0400
committerJack Lloyd <[email protected]>2019-05-22 13:42:59 -0400
commit5aa56292b9fc971950e24bdba6e80dcc84ca8973 (patch)
treedf45a7f43cc9970d5e517fcc173b04685c80fdc0 /src/lib/tls
parentf56f29c893b06e3d412e82f28e6c8aa075700ec3 (diff)
Formatting and post-rebase fixes
Diffstat (limited to 'src/lib/tls')
-rw-r--r--src/lib/tls/msg_cert_status.cpp5
-rw-r--r--src/lib/tls/tls_callbacks.h25
-rw-r--r--src/lib/tls/tls_extensions.h17
-rw-r--r--src/lib/tls/tls_server.cpp27
4 files changed, 40 insertions, 34 deletions
diff --git a/src/lib/tls/msg_cert_status.cpp b/src/lib/tls/msg_cert_status.cpp
index 2a07c4672..ecc649a13 100644
--- a/src/lib/tls/msg_cert_status.cpp
+++ b/src/lib/tls/msg_cert_status.cpp
@@ -41,10 +41,11 @@ Certificate_Status::Certificate_Status(Handshake_IO& io,
{
hash.update(io.send(*this));
}
+
Certificate_Status::Certificate_Status(Handshake_IO& io,
Handshake_Hash& hash,
- std::vector<uint8_t> const& raw_response_bytes) :
- m_raw_response_bytes(raw_response_bytes)
+ const std::vector<uint8_t>& raw_response_bytes) :
+ m_response(raw_response_bytes)
{
hash.update(io.send(*this));
}
diff --git a/src/lib/tls/tls_callbacks.h b/src/lib/tls/tls_callbacks.h
index 2c217993a..6dd8e2b4d 100644
--- a/src/lib/tls/tls_callbacks.h
+++ b/src/lib/tls/tls_callbacks.h
@@ -12,7 +12,6 @@
#include <botan/tls_session.h>
#include <botan/tls_alert.h>
-#include <botan/tls_extensions.h>
#include <botan/pubkey.h>
#include <functional>
@@ -21,7 +20,6 @@ namespace Botan {
class Certificate_Store;
class X509_Certificate;
-
namespace OCSP {
class Response;
@@ -33,6 +31,7 @@ namespace TLS {
class Handshake_Message;
class Policy;
class Extensions;
+class Certificate_Status_Request;
/**
* Encapsulates the callbacks that a TLS channel will make which are due to
@@ -145,16 +144,22 @@ class BOTAN_PUBLIC_API(2,0) Callbacks
}
/**
- * Called by the TLS server whenever the client included the status_request extension (see RFC 6066, a.k.a OCSP stapling) in the ClientHello.
- * In the current implementation no information from the contents of the status_request extension within the
- * ClientHello is available.
- *
- * @return the encoded OCSP response to be sent to the client which indicates the revocation status of the server certificate. Return an empty vector to indicate that no response is available, and thus suppress the Certificate_Status message.
+ * Called by the TLS server whenever the client included the
+ * status_request extension (see RFC 6066, a.k.a OCSP stapling)
+ * in the ClientHello.
+ *
+ * @return the encoded OCSP response to be sent to the client which
+ * indicates the revocation status of the server certificate. Return an
+ * empty vector to indicate that no response is available, and thus
+ * suppress the Certificate_Status message.
*/
- virtual std::vector<uint8_t> tls_srv_provoide_cert_status_response(std::vector<X509_Certificate> const& , Certificate_Status_Request const& ) const
- {
+ virtual std::vector<uint8_t> tls_srv_provide_cert_status_response(const std::vector<X509_Certificate>& chain,
+ const Certificate_Status_Request& csr) const
+ {
+ BOTAN_UNUSED(chain);
+ BOTAN_UNUSED(csr);
return std::vector<uint8_t>();
- }
+ }
/**
* Optional callback with default impl: sign a message
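Review bot: The rewritten Doxygen block above tls_srv_provide_cert_status_response documents the return value but not the two parameters the new signature names, so an implementer has to guess what `chain` and `csr` are. I would add `@param chain the certificate chain selected for this handshake (tls_server.cpp passes cert_chains[algo_used])` and `@param csr the status_request extension taken from the ClientHello` after the description. Because tls_server.cpp passes `*csr` straight out of the pending handshake state, the reference is presumably only valid for the duration of the call; stating that an implementation must not retain it would save a dangling-reference bug later. The Callbacks class begins and ends outside this hunk.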
diff --git a/src/lib/tls/tls_extensions.h b/src/lib/tls/tls_extensions.h
index 4f7bd5464..35c3ee554 100644
--- a/src/lib/tls/tls_extensions.h
+++ b/src/lib/tls/tls_extensions.h
@@ -397,16 +397,15 @@ class BOTAN_UNSTABLE_API Certificate_Status_Request final : public Extension
bool empty() const override { return false; }
- std::vector<uint8_t> get_responder_id_list() const
- {
- return m_ocsp_names;
- }
-
- std::vector<uint8_t> get_request_extensions() const
- {
- return m_extension_bytes;
- }
+ const std::vector<uint8_t>& get_responder_id_list() const
+ {
+ return m_ocsp_names;
+ }
+ const std::vector<uint8_t>& get_request_extensions() const
+ {
+ return m_extension_bytes;
+ }
// Server generated version: empty
Certificate_Status_Request();
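Review bot: The two getters now hand out references into the extension object, and neither carries a comment saying what the bytes are or how long the reference stays valid; a caller reading `get_responder_id_list()` may expect a decoded list rather than the raw vector. I would put `// Undecoded responder_id_list bytes; the reference is valid only while this extension object lives` above the first getter and the equivalent `// Undecoded request_extensions bytes; same lifetime caveat` above the second. Whether these bytes come from a parsed ClientHello is not visible in this hunk, so confirm the wording against the constructor that fills m_ocsp_names and m_extension_bytes. The Certificate_Status_Request class begins before this hunk and continues after it.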
diff --git a/src/lib/tls/tls_server.cpp b/src/lib/tls/tls_server.cpp
index 387ae019e..153fb05c1 100644
--- a/src/lib/tls/tls_server.cpp
+++ b/src/lib/tls/tls_server.cpp
@@ -848,19 +848,20 @@ void Server::session_create(Server_Handshake_State& pending_state,
cert_chains[algo_used]));
if(pending_state.client_hello()->supports_cert_status_message())
- {
- Certificate_Status_Request * csr = pending_state.client_hello()->extensions().get<Certificate_Status_Request>();
- // csr is non-null if client_hello()->supports_cert_status_message()
- std::vector<uint8_t> resp_bytes = callbacks().tls_srv_provoide_cert_status_response(cert_chains[algo_used], *csr);
- if(resp_bytes.size() > 0)
- {
- pending_state.server_cert_status(new Certificate_Status(
- pending_state.handshake_io(),
- pending_state.hash(),
- resp_bytes
- ));
- }
- }
+ {
+ auto csr = pending_state.client_hello()->extensions().get<Certificate_Status_Request>();
+ // csr is non-null if client_hello()->supports_cert_status_message()
+ BOTAN_ASSERT_NOMSG(csr != nullptr);
+ const auto resp_bytes = callbacks().tls_srv_provide_cert_status_response(cert_chains[algo_used], *csr);
+ if(resp_bytes.size() > 0)
+ {
+ pending_state.server_cert_status(new Certificate_Status(
+ pending_state.handshake_io(),
+ pending_state.hash(),
+ resp_bytes
+ ));
+ }
+ }
private_key = m_creds.private_key_for(
pending_state.server_certs()->cert_chain()[0],
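Review bot: `auto csr = pending_state.client_hello()->extensions().get<Certificate_Status_Request>();` on the new side hides that csr is a pointer, which matters here because the next two lines compare it against nullptr and dereference it; `const auto* csr = pending_state.client_hello()->extensions().get<Certificate_Status_Request>();` keeps that visible (clang-tidy readability-qualified-auto). The size test two lines later reads more naturally as `if(!resp_bytes.empty())`, which also matches the "return an empty vector" contract the callback documents. Server::session_create begins before this hunk and continues after it.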