TLS: reject duplicate extensions

Adapted from BoringSSL. Added a test. The extension parsing code is already attempting to already handle this for some individual extensions, but it is doing so inconsistently. Duplicate efforts in individual extension parsing will be cleaned up in a follow-up. Reviewed-by: Stephen Henson <steve@openssl.org>
author: Emilia Kasper <emilia@openssl.org> 2016-02-19 17:24:44 +0100
committer: Emilia Kasper <emilia@openssl.org> 2016-02-19 17:24:44 +0100
commit: aa474d1fb172aabb29dad04cb6aaeca601a4378c (patch)
tree: 51a82f8896aecd1f989f84e08ea15b0b9e4255e2 /include
parent: f0496ad71fbacccf5a95f40d31d251bc8cf9dcfb (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 36d17dd224..9709103d5f 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -2123,6 +2123,7 @@ void ERR_load_SSL_strings(void);
 # define SSL_F_STATE_MACHINE                              353
 # define SSL_F_TLS12_CHECK_PEER_SIGALG                    333
 # define SSL_F_TLS1_CHANGE_CIPHER_STATE                   209
+# define SSL_F_TLS1_CHECK_DUPLICATE_EXTENSIONS            341
 # define SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT              274
 # define SSL_F_TLS1_EXPORT_KEYING_MATERIAL                314
 # define SSL_F_TLS1_GET_CURVELIST                         338
author	Emilia Kasper <emilia@openssl.org>	2016-02-19 17:24:44 +0100
committer	Emilia Kasper <emilia@openssl.org>	2016-02-19 17:24:44 +0100
commit	aa474d1fb172aabb29dad04cb6aaeca601a4378c (patch)
tree	51a82f8896aecd1f989f84e08ea15b0b9e4255e2 /include
parent	f0496ad71fbacccf5a95f40d31d251bc8cf9dcfb (diff)