generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Revision of custom extension code.

Browse Source 
Move custom extension structures from SSL_CTX to CERT structure.

This change means the form can be revised in future without binary
compatibility issues. Also since CERT is part of SSL structures
so per-SSL custom extensions could be supported in future as well as
per SSL_CTX.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
This commit is contained in:
Dr. Stephen Henson
2014-08-05 15:21:36 +01:00
parent 06f5d12f51
commit b83294fe30
6 changed files with 98 additions and 57 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
ssl/t1_lib.c
View File

@@ -1482,17 +1482,17 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned c
}
/* Add custom TLS Extensions to ClientHello */
if (s->ctx->custom_cli_ext_records_count)
if (s->cert->custom_cli_ext_records_count)
{
size_t i;
custom_cli_ext_record* record;
for (i = 0; i < s->ctx->custom_cli_ext_records_count; i++)
for (i = 0; i < s->cert->custom_cli_ext_records_count; i++)
{
const unsigned char* out = NULL;
unsigned short outlen = 0;
record = &s->ctx->custom_cli_ext_records[i];
record = &s->cert->custom_cli_ext_records[i];
/* NULL callback sends empty extension */
/* -1 from callback omits extension */
if (record->fn1)
@@ -1747,13 +1747,13 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, unsigned c
}
#endif
for (i = 0; i < s->ctx->custom_srv_ext_records_count; i++)
for (i = 0; i < s->cert->custom_srv_ext_records_count; i++)
{
const unsigned char *out = NULL;
unsigned short outlen = 0;
int cb_retval = 0;
record = &s->ctx->custom_srv_ext_records[i];
record = &s->cert->custom_srv_ext_records[i];
/* NULL callback or -1 omits extension */
if (!record->fn2)
@@ -2503,13 +2503,13 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char
* so call the callback and record the extension number so that
* an appropriate ServerHello may be later returned.
*/
else if (!s->hit && s->ctx->custom_srv_ext_records_count)
else if (!s->hit && s->cert->custom_srv_ext_records_count)
{
custom_srv_ext_record *record;
for (i=0; i < s->ctx->custom_srv_ext_records_count; i++)
for (i=0; i < s->cert->custom_srv_ext_records_count; i++)
{
record = &s->ctx->custom_srv_ext_records[i];
record = &s->cert->custom_srv_ext_records[i];
if (type == record->ext_type)
{
if (record->fn1 && !record->fn1(s, type, data, size, al, record->arg))
@@ -2848,14 +2848,14 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char
/* If this extension type was not otherwise handled, but
* matches a custom_cli_ext_record, then send it to the c
* callback */
else if (s->ctx->custom_cli_ext_records_count)
else if (s->cert->custom_cli_ext_records_count)
{
size_t i;
custom_cli_ext_record* record;
for (i = 0; i < s->ctx->custom_cli_ext_records_count; i++)
for (i = 0; i < s->cert->custom_cli_ext_records_count; i++)
{
record = &s->ctx->custom_cli_ext_records[i];
record = &s->cert->custom_cli_ext_records[i];
if (record->ext_type == type)
{
if (record->fn2 && !record->fn2(s, type, data, size, al, record->arg))