generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Various custom extension fixes.

Browse Source 
Force no SSL2 when custom extensions in use.
Don't clear extension state when cert is set.
Clear on renegotiate.
This commit is contained in:
Trevor Perrin 2013-07-27 23:10:14 -07:00 committed by Ben Laurie
parent a898936218
commit 0b2bde70dd
3 changed files with 13 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ssl/s23_clnt.c
View File

@ -342,6 +342,8 @@ static int ssl23_client_hello(SSL *s)
#endif #endif
if (s->ctx->tlsext_authz_server_audit_proof_cb != NULL) if (s->ctx->tlsext_authz_server_audit_proof_cb != NULL)
ssl2_compat = 0; ssl2_compat = 0;
if (s->ctx->custom_cli_ext_records_count != 0)
ssl2_compat = 0;
} }
#endif #endif

21
ssl/ssl_rsa.c
View File

@ -463,23 +463,6 @@ static int ssl_set_cert(CERT *c, X509 *x)
X509_free(c->pkeys[i].x509); X509_free(c->pkeys[i].x509);
CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509); CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
c->pkeys[i].x509=x; c->pkeys[i].x509=x;
#ifndef OPENSSL_NO_TLSEXT
/* Free the old authz data, if it exists. */
if (c->pkeys[i].authz != NULL)
{
OPENSSL_free(c->pkeys[i].authz);
c->pkeys[i].authz = NULL;
c->pkeys[i].authz_length = 0;
}
/* Free the old serverinfo data, if it exists. */
if (c->pkeys[i].serverinfo != NULL)
{
OPENSSL_free(c->pkeys[i].serverinfo);
c->pkeys[i].serverinfo = NULL;
c->pkeys[i].serverinfo_length = 0;
}
#endif
c->key= &(c->pkeys[i]); c->key= &(c->pkeys[i]);
c->valid=0; c->valid=0;
@ -1083,7 +1066,7 @@ int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo,
if (!serverinfo_process_buffer(serverinfo, serverinfo_length, NULL)) if (!serverinfo_process_buffer(serverinfo, serverinfo_length, NULL))
{ {
SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO,SSL_R_INVALID_SERVERINFO_DATA); SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO,SSL_R_INVALID_SERVERINFO_DATA);
return(0); return 0;
} }
if (!ssl_cert_inst(&ctx->cert)) if (!ssl_cert_inst(&ctx->cert))
{ {
@ -1110,7 +1093,7 @@ int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo,
if (!serverinfo_process_buffer(serverinfo, serverinfo_length, ctx)) if (!serverinfo_process_buffer(serverinfo, serverinfo_length, ctx))
{ {
SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO,SSL_R_INVALID_SERVERINFO_DATA); SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO,SSL_R_INVALID_SERVERINFO_DATA);
return(0); return 0;
} }
return 1; return 1;
} }

8
ssl/t1_lib.c
View File

@ -1909,6 +1909,14 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char
s->s3->alpn_selected = NULL; s->s3->alpn_selected = NULL;
} }
/* Clear observed custom extensions */
s->s3->tlsext_custom_types_count = 0;
if (s->s3->tlsext_custom_types != NULL)
{
OPENSSL_free(s->s3->tlsext_custom_types);
s->s3->tlsext_custom_types = NULL;
}
#ifndef OPENSSL_NO_HEARTBEATS #ifndef OPENSSL_NO_HEARTBEATS
s->tlsext_heartbeat &= ~(SSL_TLSEXT_HB_ENABLED | s->tlsext_heartbeat &= ~(SSL_TLSEXT_HB_ENABLED |
SSL_TLSEXT_HB_DONT_SEND_REQUESTS); SSL_TLSEXT_HB_DONT_SEND_REQUESTS);