Add callbacks supporting generation and retrieval of supplemental data entries, facilitating RFC 5878 (TLS auth extensions)

Removed prior audit proof logic - audit proof support was implemented using the generic TLS extension API Tests exercising the new supplemental data registration and callback api can be found in ssltest.c. Implemented changes to s_server and s_client to exercise supplemental data callbacks via the -auth argument, as well as additional flags to exercise supplemental data being sent only during renegotiation.
2013-06-18 14:34:38 -07:00
parent cda01d55ba
commit 36086186a9
25 changed files with 920 additions and 810 deletions
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -330,23 +330,6 @@ CERT *ssl_cert_dup(CERT *cert)
 			}
 		rpk->valid_flags = 0;
 #ifndef OPENSSL_NO_TLSEXT
-     if (cert->pkeys[i].authz != NULL)
-			{
-			/* Just copy everything. */
-			ret->pkeys[i].authz_length =
-				cert->pkeys[i].authz_length;
-			ret->pkeys[i].authz =
-				OPENSSL_malloc(ret->pkeys[i].authz_length);
-			if (ret->pkeys[i].authz == NULL)
-				{
-				SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE);
-				return NULL;
-				}
-			memcpy(ret->pkeys[i].authz,
-			       cert->pkeys[i].authz,
-			       cert->pkeys[i].authz_length);
-			}
-
 		if (cert->pkeys[i].serverinfo != NULL)
 			{
 			/* Just copy everything. */
@@ -479,11 +462,6 @@ void ssl_cert_clear_certs(CERT *c)
 			cpk->chain = NULL;
 			}
 #ifndef OPENSSL_NO_TLSEXT
-		if (cpk->authz)
-			{
-			OPENSSL_free(cpk->authz);
-			cpk->authz = NULL;
-			}
 		if (cpk->serverinfo)
 			{
 			OPENSSL_free(cpk->serverinfo);