Update custom TLS extension and supplemental data 'generate' callbacks to support sending an alert.

If multiple TLS extensions are expected but not received, the TLS extension and supplemental data 'generate' callbacks are the only chance for the receive-side to trigger a specific TLS alert during the handshake.

Removed logic which no-op'd TLS extension generate callbacks (as the generate callbacks need to always be called in order to trigger alerts), and updated the serverinfo-specific custom TLS extension callbacks to track which custom TLS extensions were received by the client, where no-ops for 'generate' callbacks are appropriate.

(cherry picked from commit ac20719d99)
Conflicts:
	ssl/t1_lib.c
Scott Deboy
2013-09-12 12:03:40 -07:00
parent 7198c5af1f
commit fc213217e8
12 changed files with 130 additions and 122 deletions


@@ -406,7 +406,7 @@ typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len, S
*/
typedef int (*custom_cli_ext_first_cb_fn)(SSL *s, unsigned short ext_type,
const unsigned char **out,
unsigned short *outlen, void *arg);
unsigned short *outlen, int *al, void *arg);
typedef int (*custom_cli_ext_second_cb_fn)(SSL *s, unsigned short ext_type,
const unsigned char *in,
unsigned short inlen, int *al,
@@ -418,7 +418,7 @@ typedef int (*custom_srv_ext_first_cb_fn)(SSL *s, unsigned short ext_type,
void *arg);
typedef int (*custom_srv_ext_second_cb_fn)(SSL *s, unsigned short ext_type,
const unsigned char **out,
unsigned short *outlen, void *arg);
unsigned short *outlen, int *al, void *arg);
typedef struct {
unsigned short ext_type;
@@ -457,7 +457,7 @@ typedef struct {
*/
typedef int (*srv_supp_data_first_cb_fn)(SSL *s, unsigned short supp_data_type,
const unsigned char **out,
unsigned short *outlen, void *arg);
unsigned short *outlen, int *al, void *arg);
typedef int (*srv_supp_data_second_cb_fn)(SSL *s, unsigned short supp_data_type,
const unsigned char *in,
unsigned short inlen, int *al,
@@ -469,7 +469,7 @@ typedef int (*cli_supp_data_first_cb_fn)(SSL *s, unsigned short supp_data_type,
void *arg);
typedef int (*cli_supp_data_second_cb_fn)(SSL *s, unsigned short supp_data_type,
const unsigned char **out,
unsigned short *outlen, void *arg);
unsigned short *outlen, int *al, void *arg);
typedef struct {
unsigned short supp_data_type;
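Review bot: The new `int *al` out-parameter is undocumented on all four 'generate' typedefs (`custom_cli_ext_first_cb_fn`, `custom_srv_ext_second_cb_fn`, `srv_supp_data_first_cb_fn`, `cli_supp_data_second_cb_fn`). The comment blocks that end with `*/` above the first and third hunks begin outside the visible lines, so I cannot tell whether they were updated. I would add a line to each, such as `/* al: out-parameter; the callback stores the TLS alert to send when it reports failure */`, and state which return value makes the library send it. The call sites are not shown here, so please confirm they set `*al` to a default alert before invoking the callback; otherwise a callback that fails without writing it would presumably cause an indeterminate alert value to be sent. Since `al` is inserted before `arg`, an existing callback registered through a function-pointer cast would still compile but receive the alert pointer where it expects `arg`, so the signature change deserves an explicit note for API users.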