author | Dr. Stephen Henson <steve@openssl.org> | 2014-08-12 14:25:49 +0100 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2014-08-28 17:06:52 +0100 |
commit | 28ea0a0c6a5e4e217c405340fa22a8503c7a17db (patch) | |
tree | 4ea1ae8b8c4bf685622d2f2627b15f43f8c15b50 /ssl/t1_lib.c | |
parent | ecf4d660902dcef6e0afc51d52926f00d409ee6b (diff) | |
download | openssl-28ea0a0c6a5e4e217c405340fa22a8503c7a17db.tar.gz |
Add custom extension sanity checks.
Reject attempts to use extensions handled internally.
Add flags to each extension structure to indicate if an extension
has been sent or received. Enforce RFC5246 compliance by rejecting
duplicate extensions and unsolicited extensions and only send a
server extension if we have sent the corresponding client extension.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Diffstat (limited to 'ssl/t1_lib.c')
-rw-r--r-- | ssl/t1_lib.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 7d0774d5e7..86fb69cb07 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1480,7 +1480,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned c
 		}
 	ret += el;
 	}
-
+	custom_ext_init(&s->cert->cli_ext);
 	/* Add custom TLS Extensions to ClientHello */
 	if (!custom_ext_add(s, 0, &ret, limit, al))
 		return NULL;
@@ -2485,6 +2485,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char
 int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n)
 	{
 	int al = -1;
+	custom_ext_init(&s->cert->srv_ext);
 	if (ssl_scan_clienthello_tlsext(s, p, d, n, &al) <= 0)
 		{
 		ssl3_send_alert(s,SSL3_AL_FATAL,al);
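Review bot: The added `custom_ext_init(&s->cert->cli_ext);` line in the first hunk is inserted between the closing brace of the preceding block and the existing `/* Add custom TLS Extensions to ClientHello */` comment, so that comment no longer introduces the whole custom-extension step and nothing says why the flags are reset at this point; the same missing why-comment applies to `custom_ext_init(&s->cert->srv_ext);` in the second hunk. A short comment such as `/* Reset the per-handshake sent/received flags before custom extensions are processed, so duplicates and unsolicited extensions are judged against this handshake only */` would cover both, and in the first hunk the call could be moved above the existing comment so the comment keeps heading the block. Presumably custom_ext_init cannot fail or its result is deliberately ignored; if it can fail, its return should be checked the way the `custom_ext_add` call directly below it is. Both enclosing functions, `ssl_add_clienthello_tlsext` and `ssl_parse_clienthello_tlsext`, start or continue outside their hunks.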