diff options
author | Emilia Kasper <emilia@openssl.org> | 2016-02-19 17:24:44 +0100 |
---|---|---|
committer | Emilia Kasper <emilia@openssl.org> | 2016-02-19 17:24:44 +0100 |
commit | aa474d1fb172aabb29dad04cb6aaeca601a4378c (patch) | |
tree | 51a82f8896aecd1f989f84e08ea15b0b9e4255e2 /include | |
parent | f0496ad71fbacccf5a95f40d31d251bc8cf9dcfb (diff) |
TLS: reject duplicate extensions
Adapted from BoringSSL. Added a test.
The extension parsing code is already attempting to already handle this for
some individual extensions, but it is doing so inconsistently. Duplicate
efforts in individual extension parsing will be cleaned up in a follow-up.
Reviewed-by: Stephen Henson <steve@openssl.org>
Diffstat (limited to 'include')
-rw-r--r-- | include/openssl/ssl.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 36d17dd224..9709103d5f 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -2123,6 +2123,7 @@ void ERR_load_SSL_strings(void); # define SSL_F_STATE_MACHINE 353 # define SSL_F_TLS12_CHECK_PEER_SIGALG 333 # define SSL_F_TLS1_CHANGE_CIPHER_STATE 209 +# define SSL_F_TLS1_CHECK_DUPLICATE_EXTENSIONS 341 # define SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT 274 # define SSL_F_TLS1_EXPORT_KEYING_MATERIAL 314 # define SSL_F_TLS1_GET_CURVELIST 338 |