Add custom extension sanity checks.

Reject attempts to use extensions handled internally. Add flags to each extension structure to indicate if an extension has been sent or received. Enforce RFC5246 compliance by rejecting duplicate extensions and unsolicited extensions and only send a server extension if we have sent the corresponding client extension. Reviewed-by: Emilia Käsper <emilia@openssl.org> (cherry picked from commit 28ea0a0c6a5e4e217c405340fa22a8503c7a17db)
author: Dr. Stephen Henson <steve@openssl.org> 2014-08-12 14:25:49 +0100
committer: Dr. Stephen Henson <steve@openssl.org> 2014-08-28 18:09:39 +0100
commit: 9346c75cb8bea75d3410be65f5b625289f375b2d (patch)
tree: 699dd1acc44dbd9dfa6acd236efca619f944ef3a /ssl/ssl.h
parent: 0a4fe37fc6248e5efadcda34015eff122e01b1db (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 823bf0625b..65dfe97933 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -1266,7 +1266,7 @@ const char *SSL_get_psk_identity(const SSL *s);
  * 
  * Returns nonzero on success.  You cannot register twice for the same 
  * extension number, and registering for an extension number already 
- * handled by OpenSSL will succeed, but the callbacks will not be invoked.
+ * handled by OpenSSL will fail.
  *
  * NULL can be registered for any callback function.  For the client
  * functions, a NULL custom_cli_ext_first_cb_fn sends an empty ClientHello
author	Dr. Stephen Henson <steve@openssl.org>	2014-08-12 14:25:49 +0100
committer	Dr. Stephen Henson <steve@openssl.org>	2014-08-28 18:09:39 +0100
commit	9346c75cb8bea75d3410be65f5b625289f375b2d (patch)
tree	699dd1acc44dbd9dfa6acd236efca619f944ef3a /ssl/ssl.h
parent	0a4fe37fc6248e5efadcda34015eff122e01b1db (diff)