Add custom extension sanity checks.

Reject attempts to use extensions handled internally. Add flags to each extension structure to indicate if an extension has been sent or received. Enforce RFC5246 compliance by rejecting duplicate extensions and unsolicited extensions and only send a server extension if we have sent the corresponding client extension. Reviewed-by: Emilia Käsper <emilia@openssl.org>
author: Dr. Stephen Henson <steve@openssl.org> 2014-08-12 14:25:49 +0100
committer: Dr. Stephen Henson <steve@openssl.org> 2014-08-28 17:06:52 +0100
commit: 28ea0a0c6a5e4e217c405340fa22a8503c7a17db (patch)
tree: 4ea1ae8b8c4bf685622d2f2627b15f43f8c15b50 /ssl/ssl.h
parent: ecf4d660902dcef6e0afc51d52926f00d409ee6b (diff)
download: openssl-28ea0a0c6a5e4e217c405340fa22a8503c7a17db.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 2705c7cf64..2498c3191d 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -1273,7 +1273,7 @@ const char *SSL_get_psk_identity(const SSL *s);
  * 
  * Returns nonzero on success.  You cannot register twice for the same 
  * extension number, and registering for an extension number already 
- * handled by OpenSSL will succeed, but the callbacks will not be invoked.
+ * handled by OpenSSL will fail.
  *
  * NULL can be registered for any callback function.  For the client
  * functions, a NULL custom_cli_ext_first_cb_fn sends an empty ClientHello
author	Dr. Stephen Henson <steve@openssl.org>	2014-08-12 14:25:49 +0100
committer	Dr. Stephen Henson <steve@openssl.org>	2014-08-28 17:06:52 +0100
commit	28ea0a0c6a5e4e217c405340fa22a8503c7a17db (patch)
tree	4ea1ae8b8c4bf685622d2f2627b15f43f8c15b50 /ssl/ssl.h
parent	ecf4d660902dcef6e0afc51d52926f00d409ee6b (diff)
download	openssl-28ea0a0c6a5e4e217c405340fa22a8503c7a17db.tar.gz