diff options
author | Bodo Möller <bodo@openssl.org> | 2006-01-03 03:27:19 +0000 |
---|---|---|
committer | Bodo Möller <bodo@openssl.org> | 2006-01-03 03:27:19 +0000 |
commit | f1fd4544a3747682010ed89ac908713fe90b8304 (patch) | |
tree | 065bf82040e2d29ce319117bec6952e59ede2fcb /ssl/s3_srvr.c | |
parent | 349eb12fd5ac3ce216a6d89084b8c6a63b9388b7 (diff) |
Various changes in the new TLS extension code, including the following:
- fix indentation
- rename some functions and macros
- fix up confusion between SSL_ERROR_... and SSL_AD_... values
Diffstat (limited to 'ssl/s3_srvr.c')
-rw-r--r-- | ssl/s3_srvr.c | 46 |
1 files changed, 16 insertions, 30 deletions
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 25b56fa6fa..954959404a 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ /* ==================================================================== - * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -283,13 +283,14 @@ int ssl3_accept(SSL *s) if (ret <= 0) goto end; #ifndef OPENSSL_NO_TLSEXT { - int extension_error = 0,al; - if ((al = ssl_check_Hello_TLS_extensions(s,&extension_error)) != SSL_ERROR_NONE){ - ret = -1; + int al; + if (ssl_check_tlsext(s,&al) <= 0) + { + ssl3_send_alert(s,SSL3_AL_FATAL,al); /* XXX does this *have* to be fatal? */ SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_CLIENTHELLO_TLS_EXT); - ssl3_send_alert(s,al,extension_error); + ret = -1; goto end; - } + } } #endif s->new_session = 2; @@ -937,32 +938,17 @@ int ssl3_get_client_hello(SSL *s) } #endif - /* TLS does not mind if there is extra stuff */ -#if 0 /* SSL 3.0 does not mind either, so we should disable this test - * (was enabled in 0.9.6d through 0.9.6j and 0.9.7 through 0.9.7b, - * in earlier SSLeay/OpenSSL releases this test existed but was buggy) */ - if (s->version == SSL3_VERSION) - { - if (p < (d+n)) - { - /* wrong number of bytes, - * there could be more to follow */ - al=SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_LENGTH_MISMATCH); - goto f_err; - } - } -#endif #ifndef OPENSSL_NO_TLSEXT /* TLS extensions*/ if (s->version > SSL3_VERSION) - { - if ((al = ssl_parse_ClientHello_TLS_extensions(s,&p,d,n)) != SSL_ERROR_NONE){ + { + if (!ssl_parse_clienthello_tlsext(s,&p,d,n, &al)) + { + /* 'al' set by ssl_parse_clienthello_tlsext */ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_PARSE_TLS_EXT); - ssl3_send_alert(s,SSL3_AL_WARNING,al); - return (ret = al); + goto f_err; + } } - } #endif /* Given s->session->ciphers and SSL_get_ciphers, we must @@ -1109,11 +1095,11 @@ int ssl3_send_server_hello(SSL *s) *(p++)=s->s3->tmp.new_compression->id; #endif #ifndef OPENSSL_NO_TLSEXT - if ((p = ssl_add_ServerHello_TLS_extensions(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) - { + if ((p = ssl_add_serverhello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) + { SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,ERR_R_INTERNAL_ERROR); return -1; - } + } #endif /* do the header */ |