diff options
author | jfigus <foleyj@cisco.com> | 2014-12-02 15:44:49 -0500 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2016-05-16 14:42:30 +0100 |
commit | ba261f718b1828751ec8a88ee5592fa6436aa422 (patch) | |
tree | 7a10404bfe31d00a30b4cc9ecef4214daf8ab2d8 /ssl | |
parent | b04f947941d08b5d077a63b017ecee5e4e2e11cc (diff) | |
download | openssl-ba261f718b1828751ec8a88ee5592fa6436aa422.tar.gz |
Propagate tlsext_status_type from SSL_CTX to SSL
To allow OCSP stapling to work with libcurl.
Github PR #200
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/s3_lib.c | 4 | ||||
-rw-r--r-- | ssl/ssl_lib.c | 4 | ||||
-rw-r--r-- | ssl/ssl_locl.h | 4 |
3 files changed, 11 insertions, 1 deletions
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 5d5293e1fc..eaf6ee23e9 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3413,6 +3413,10 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) return 1; } + case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE: + ctx->tlsext_status_type = larg; + break; + case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG: ctx->tlsext_status_arg = parg; return 1; diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index e7eb3028b4..14e8c1e4f6 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -693,7 +693,7 @@ SSL *SSL_new(SSL_CTX *ctx) s->tlsext_debug_cb = 0; s->tlsext_debug_arg = NULL; s->tlsext_ticket_expected = 0; - s->tlsext_status_type = -1; + s->tlsext_status_type = ctx->tlsext_status_type; s->tlsext_status_expected = 0; s->tlsext_ocsp_ids = NULL; s->tlsext_ocsp_exts = NULL; @@ -2502,6 +2502,8 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) */ ret->options |= SSL_OP_NO_COMPRESSION; + ret->tlsext_status_type = -1; + return ret; err: SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE); diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index c9c071ae6f..9bc9892e2c 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -953,6 +953,10 @@ struct ssl_ctx_st { size_t tlsext_ellipticcurvelist_length; unsigned char *tlsext_ellipticcurvelist; # endif /* OPENSSL_NO_EC */ + + /* ext status type used for CSR extension (OCSP Stapling) */ + int tlsext_status_type; + CRYPTO_RWLOCK *lock; }; |