Implement a new custom extensions API

The old custom extensions API was not TLSv1.3 aware. Extensions are used extensively in TLSv1.3 and they can appear in many different types of messages. Therefore we need a new API to be able to cope with that. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3139)
author: Matt Caswell <matt@openssl.org> 2017-04-05 11:59:23 +0100
committer: Matt Caswell <matt@openssl.org> 2017-04-07 13:41:04 +0100
commit: 43ae5eed6f8665b88f45445df666ab2688aae7b0 (patch)
tree: 33413025b37f6fb6f4d406591c9fbbb066702d1b /ssl/ssl_cert.c
parent: fe874d27d33faa527b5e945137787bf6b0f5c253 (diff)
1 files changed, 2 insertions, 5 deletions
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index a4e7977012..3a85ede638 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -190,9 +190,7 @@ CERT *ssl_cert_dup(CERT *cert)
     ret->sec_level = cert->sec_level;
     ret->sec_ex = cert->sec_ex;
 
-    if (!custom_exts_copy(&ret->cli_ext, &cert->cli_ext))
-        goto err;
-    if (!custom_exts_copy(&ret->srv_ext, &cert->srv_ext))
+    if (!custom_exts_copy(&ret->custext, &cert->custext))
         goto err;
 #ifndef OPENSSL_NO_PSK
     if (cert->psk_identity_hint) {
@@ -254,8 +252,7 @@ void ssl_cert_free(CERT *c)
     OPENSSL_free(c->ctype);
     X509_STORE_free(c->verify_store);
     X509_STORE_free(c->chain_store);
-    custom_exts_free(&c->cli_ext);
-    custom_exts_free(&c->srv_ext);
+    custom_exts_free(&c->custext);
 #ifndef OPENSSL_NO_PSK
     OPENSSL_free(c->psk_identity_hint);
 #endif
author	Matt Caswell <matt@openssl.org>	2017-04-05 11:59:23 +0100
committer	Matt Caswell <matt@openssl.org>	2017-04-07 13:41:04 +0100
commit	43ae5eed6f8665b88f45445df666ab2688aae7b0 (patch)
tree	33413025b37f6fb6f4d406591c9fbbb066702d1b /ssl/ssl_cert.c
parent	fe874d27d33faa527b5e945137787bf6b0f5c253 (diff)