New extension callback features.

Support separate parse and add callback arguments.
Add new callback so an application can free extension data.
Change return value for send functions so < 0 is an error, 0
omits the extension and > 0 includes it. This is more consistent
with the behaviour of other functions in OpenSSL.

Modify parse_cb handling so <= 0 is an error.

Make SSL_CTX_set_custom_cli_ext and SSL_CTX_set_custom_cli_ext argument
order consistent.

NOTE: these changes WILL break existing code.

Remove (now inaccurate) in line documentation.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Dr. Stephen Henson
2014-08-16 18:16:26 +01:00
parent de2a9e38f3
commit 33f653adf3
7 changed files with 74 additions and 81 deletions
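To make the new callback contract concrete, here is an added stand-alone C model of the sender and receiver dispatch. It is not OpenSSL's code: the callback typedefs, the `custom_ext` record, the `custom_ext_add_all` and `custom_ext_parse_one` helpers, the hypothetical extension type 0xff01, the sample payload and `demo_roundtrip` are all constructed for this example. Only the rules themselves come from the commit message: a send (add) callback returning < 0 aborts with an alert, 0 omits the extension, > 0 includes it; a parse callback returning <= 0 is an error; add/free and parse each get their own argument; and a free callback releases what the add callback handed out.

```c
#include <stddef.h>
#include <string.h>

/* Callback shapes modelled on the commit's convention; this is a stand-alone
 * illustration, not OpenSSL's own typedefs or dispatcher. */
typedef int (*add_cb_fn)(unsigned int, const unsigned char **, size_t *, int *, void *);
typedef void (*free_cb_fn)(unsigned int, const unsigned char *, void *);
typedef int (*parse_cb_fn)(unsigned int, const unsigned char *, size_t, int *, void *);

struct custom_ext {
    unsigned int ext_type;
    add_cb_fn add_cb;
    free_cb_fn free_cb;   /* releases whatever add_cb handed out */
    void *add_arg;        /* add/free get their own argument ... */
    parse_cb_fn parse_cb;
    void *parse_arg;      /* ... separate from the parse argument */
};
enum { ALERT_ILLEGAL_PARAMETER = 47, ALERT_DECODE_ERROR = 50,
       ALERT_INTERNAL_ERROR = 80 };   /* RFC 5246 alert descriptions */
/* Sender: add_cb < 0 aborts, 0 omits the extension, > 0 includes it.
 * Returns bytes written, or -1 with *al set to the alert to send. */
int custom_ext_add_all(const struct custom_ext *exts, size_t n,
                       unsigned char *buf, size_t buflen, int *al)
{
    size_t pos = 0;
    for (size_t i = 0; i < n; i++) {
        const unsigned char *out = NULL;
        size_t outlen = 0;
        int ret = exts[i].add_cb(exts[i].ext_type, &out, &outlen, al, exts[i].add_arg);
        if (ret < 0) return -1;      /* error: callback has set *al */
        if (ret == 0) continue;      /* omit this extension entirely */
        int fits = pos + 4 + outlen <= buflen;
        if (fits) {                  /* 2-byte type, 2-byte length, body */
            buf[pos++] = (unsigned char)(exts[i].ext_type >> 8);
            buf[pos++] = (unsigned char)exts[i].ext_type;
            buf[pos++] = (unsigned char)(outlen >> 8);
            buf[pos++] = (unsigned char)outlen;
            memcpy(buf + pos, out, outlen);
            pos += outlen;
        }
        if (exts[i].free_cb)         /* free_cb runs once out is consumed */
            exts[i].free_cb(exts[i].ext_type, out, exts[i].add_arg);
        if (!fits) { *al = ALERT_INTERNAL_ERROR; return -1; }
    }
    return (int)pos;
}

/* Receiver: the caller applies the hunks' `<= 0` rule, so a parse_cb
 * returning 0 or a negative value rejects the hello. */
int custom_ext_parse_one(const struct custom_ext *exts, size_t n, unsigned int type,
                         const unsigned char *data, size_t size, int *al)
{
    for (size_t i = 0; i < n; i++)
        if (exts[i].ext_type == type)
            return exts[i].parse_cb
                ? exts[i].parse_cb(type, data, size, al, exts[i].parse_arg) : 1;
    return 1;                        /* not ours: leave to the caller */
}

/* Constructed callbacks for a hypothetical extension type 0xff01. */
static const unsigned char k_payload[4] = { 0xde, 0xad, 0xbe, 0xef };
static int ex_add(unsigned int t, const unsigned char **out, size_t *outlen,
                  int *al, void *arg)
{
    int mode = *(int *)arg;          /* add_arg: -1 error, 0 omit, 1 send */
    (void)t;
    if (mode < 0) { *al = ALERT_INTERNAL_ERROR; return -1; }
    if (mode == 0) return 0;
    *out = k_payload; *outlen = sizeof k_payload;
    return 1;
}

static int ex_parse(unsigned int t, const unsigned char *in, size_t inlen,
                    int *al, void *arg)
{
    (void)t;
    if (inlen != sizeof k_payload) { *al = ALERT_DECODE_ERROR; return -1; }
    if (memcmp(in, k_payload, inlen)) { *al = ALERT_ILLEGAL_PARAMETER; return 0; }
    *(int *)arg = 1;                 /* parse_arg, independent of add_arg */
    return 1;
}
/* One round trip. tamper: 0 deliver as sent, 1 truncate the body, 2 corrupt a
 * byte. Returns bytes on the wire (0 if omitted) or the negated alert. */
int demo_roundtrip(int mode, int tamper)
{
    int al = 0, seen = 0;
    struct custom_ext ext = { 0xff01, ex_add, NULL, &mode, ex_parse, &seen };
    unsigned char wire[64];
    int n = custom_ext_add_all(&ext, 1, wire, sizeof wire, &al);
    if (n <= 0)
        return n < 0 ? -al : 0;
    size_t len = ((size_t)wire[2] << 8 | wire[3]) - (tamper == 1);
    if (tamper == 2) wire[4] ^= 0xff;
    if (custom_ext_parse_one(&ext, 1, (unsigned int)wire[0] << 8 | wire[1],
                             wire + 4, len, &al) <= 0)
        return -al;
    return seen ? n : -ALERT_INTERNAL_ERROR;
}
```

The corrupted-byte case is the one worth noting: `ex_parse` returns 0 there rather than a negative value, and under the new `<= 0` rule that still rejects the hello with the alert the callback stored, which is exactly the behaviour the two hunks switch to. The free callback is left NULL in the demo because the payload is static; an add callback that allocates would set `free_cb` and release in it.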


@@ -2442,7 +2442,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char
*/
else if (!s->hit)
{
if (!custom_ext_parse(s, 1, type, data, size, al))
if (custom_ext_parse(s, 1, type, data, size, al) <= 0)
return 0;
}
#ifdef TLSEXT_TYPE_encrypt_then_mac
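Review bot: with the `<= 0` test a negative return now also makes ssl_scan_clienthello_tlsext return 0, but nothing in this hunk shows that `*al` has been stored on that path; confirm custom_ext_parse assigns an alert before every `<= 0` return, otherwise the caller aborts with whatever `al` held before. A one-line comment on the `if` noting that both 0 and negative results are fatal would also save the next reader a trip to the commit message.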
@@ -2777,7 +2777,7 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char
/* If this extension type was not otherwise handled, but
* matches a custom_cli_ext_record, then send it to the c
* callback */
else if (!custom_ext_parse(s, 0, type, data, size, al))
else if (custom_ext_parse(s, 0, type, data, size, al) <= 0)
return 0;
#ifdef TLSEXT_TYPE_encrypt_then_mac
else if (type == TLSEXT_TYPE_encrypt_then_mac)
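Review bot: unlike the ClientHello hunk, which only consults custom_ext_parse under `!s->hit`, this ServerHello path runs the callback regardless of resumption; if that asymmetry is intended it should be stated in the comment above, which still describes the previous behaviour and does not say that a 0 or negative return now rejects the ServerHello. While touching that comment, the phrase "send it to the c callback" reads as unfinished and should be completed.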