author | Dr. Stephen Henson <steve@openssl.org> | 2014-08-12 14:25:49 +0100 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2014-08-28 17:06:52 +0100 |
commit | 28ea0a0c6a5e4e217c405340fa22a8503c7a17db (patch) | |
tree | 4ea1ae8b8c4bf685622d2f2627b15f43f8c15b50 /ssl/ssl.h | |
parent | ecf4d660902dcef6e0afc51d52926f00d409ee6b (diff) | |
download | openssl-28ea0a0c6a5e4e217c405340fa22a8503c7a17db.tar.gz |
Add custom extension sanity checks.
Reject attempts to use extensions handled internally.
Add flags to each extension structure to indicate if an extension
has been sent or received. Enforce RFC5246 compliance by rejecting
duplicate extensions and unsolicited extensions and only send a
server extension if we have sent the corresponding client extension.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Diffstat (limited to 'ssl/ssl.h')
-rw-r--r-- | ssl/ssl.h | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -1273,7 +1273,7 @@ const char *SSL_get_psk_identity(const SSL *s); * * Returns nonzero on success. You cannot register twice for the same * extension number, and registering for an extension number already - * handled by OpenSSL will succeed, but the callbacks will not be invoked. + * handled by OpenSSL will fail. * * NULL can be registered for any callback function. For the client * functions, a NULL custom_cli_ext_first_cb_fn sends an empty ClientHello |
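Review bot: The new comment line "handled by OpenSSL will fail." does not say what failure looks like to the caller, and it sits a few lines below "Returns nonzero on success", so the reader has to infer that a zero return is meant. Suggest spelling it out, for example "handled by OpenSSL will fail (returns zero)". Because the removed text said such a registration "will succeed, but the callbacks will not be invoked", this is also a behaviour change for existing callers. Code that registered an internally handled extension number and ignored the return value used to get a silent no-op and now gets an error, which is worth a sentence in the comment or in the change notes. The same sentence still opens with "You cannot register twice for the same extension number" without saying whether that case also returns zero, and stating both outcomes together would make the contract unambiguous.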