Call OCSP Stapling callback after ciphersuite has been chosen, so the
right response is stapled. Also change SSL_get_certificate() so it
returns the certificate actually sent.

See http://rt.openssl.org/Ticket/Display.html?id=2836.
Ben Laurie
2012-09-17 14:39:38 +00:00
parent bc78883017
commit 70d91d60bc
5 changed files with 81 additions and 39 deletions


@@ -1183,7 +1183,7 @@ int ssl3_get_client_hello(SSL *s)
goto f_err;
}
}
if (ssl_check_clienthello_tlsext(s) <= 0) {
if (ssl_check_clienthello_tlsext_early(s) <= 0) {
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT);
goto err;
}
@@ -1405,6 +1405,16 @@ int ssl3_get_client_hello(SSL *s)
* s->tmp.new_cipher - the new cipher to use.
*/
/* Handles TLS extensions that we couldn't check earlier */
if (s->version >= SSL3_VERSION)
{
if (ssl_check_clienthello_tlsext_late(s) <= 0)
{
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_CLIENTHELLO_TLSEXT);
goto err;
}
}
if (ret < 0) ret=1;
if (0)
{