authorMatt Caswell <matt@openssl.org>2020-03-20 11:55:19 +0000
committerMatt Caswell <matt@openssl.org>2020-03-30 14:54:37 +0100
commit9f0f53b7db502ad338baa45edfd163d0ca7aabc5 (patch)
tree22e334c36b500d7731c5990a92a9324dbaef2a95 /ssl/s3_lib.c
parent33328581b83e8e9f573f08f0e2e0d6b32d095857 (diff)
Explicitly cache X509v3 extensions in libssl
Caching the X509v3 extensions requires an explicit libctx. We do that where required in libssl. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11409)
Diffstat (limited to 'ssl/s3_lib.c')
-rw-r--r--ssl/s3_lib.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index ffdf3a90fb..9060ee38f0 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -17,6 +17,7 @@
#include <openssl/dh.h>
#include <openssl/rand.h>
#include <openssl/trace.h>
+#include <openssl/x509v3.h>
#include "internal/cryptlib.h"
#define TLS13_NUM_CIPHERS OSSL_NELEM(tls13_ciphers)
@@ -3947,6 +3948,10 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
return 0;
}
}
+ if (!X509v3_cache_extensions((X509 *)parg, ctx->libctx, ctx->propq)) {
+ SSLerr(0, ERR_LIB_X509);
+ return 0;
+ }
if (!sk_X509_push(ctx->extra_certs, (X509 *)parg)) {
SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
return 0;
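Review bot: The added `X509v3_cache_extensions((X509 *)parg, ctx->libctx, ctx->propq)` call uses `parg` before anything visible in this hunk checks it for NULL. Whether the callee tolerates a NULL certificate is not shown here, so a guard ahead of the call, such as `if (parg == NULL) { SSLerr(0, ERR_R_PASSED_NULL_PARAMETER); return 0; }`, would keep a caller mistake from becoming a dereference inside the X509 code. The failure path records `SSLerr(0, ERR_LIB_X509)`, which puts a library number in the reason slot; `ERR_R_X509_LIB` is the reason-code spelling and matches the `ERR_R_MALLOC_FAILURE` style used two lines below. A short comment above the call, e.g. `/* cache extensions here: needs this ctx's libctx and propq */`, would record why the certificate is parsed at this point. `ssl3_ctx_ctrl` starts and ends outside the hunk.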