authorDr. Stephen Henson <steve@openssl.org>2014-08-05 15:21:36 +0100
committerDr. Stephen Henson <steve@openssl.org>2014-08-15 12:20:04 +0100
commitb83294fe3022b9d5d525ccdcfeb53d39c25b05bd (patch)
tree07f4153b12ead528c0113c6598e56e87cc77d68f /ssl/ssl_cert.c
parent06f5d12f511ad81a05e82b3473832a1d1d560172 (diff)
Revision of custom extension code.
Move custom extension structures from SSL_CTX to CERT structure. This change means the form can be revised in future without binary compatibility issues. Also, since CERT is part of SSL structures, per-SSL custom extensions could be supported in future as well as per SSL_CTX. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Emilia Käsper <emilia@openssl.org>
Diffstat (limited to 'ssl/ssl_cert.c')
-rw-r--r--ssl/ssl_cert.c34
1 files changed, 34 insertions, 0 deletions
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 4e75a96283..45049587b9 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -423,6 +423,27 @@ CERT *ssl_cert_dup(CERT *cert)
ret->sec_level = cert->sec_level;
ret->sec_ex = cert->sec_ex;
+#ifndef OPENSSL_NO_TLSEXT
+ if (cert->custom_cli_ext_records_count)
+ {
+ ret->custom_cli_ext_records = BUF_memdup(cert->custom_cli_ext_records, sizeof(custom_cli_ext_record) * cert->custom_cli_ext_records_count);
+ if (ret->custom_cli_ext_records == NULL)
+ goto err;
+ ret->custom_cli_ext_records_count =
+ cert->custom_cli_ext_records_count;
+ }
+
+ if (cert->custom_srv_ext_records_count)
+ {
+ ret->custom_srv_ext_records = BUF_memdup(cert->custom_srv_ext_records, sizeof(custom_srv_ext_record) * cert->custom_srv_ext_records_count);
+ if (ret->custom_srv_ext_records == NULL)
+ goto err;
+ ret->custom_srv_ext_records_count =
+ cert->custom_srv_ext_records_count;
+ }
+
+#endif
+
return(ret);
#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_ECDH)
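Review bot: The two `BUF_memdup` calls in ssl_cert_dup copy the record arrays byte for byte, so any pointers held inside a record (callbacks or a caller-supplied argument, if the record types carry them) end up shared between the source CERT and the duplicate. The free paths added at `err:` and in ssl_cert_free (second and third hunks) release only the array, which is consistent with that, but the ownership rule is nowhere stated. I would add a comment above the first copy, e.g. `/* Shallow copy: record contents (callbacks, args) stay owned by the application and must outlive every CERT that references them */`. The size expression `sizeof(custom_cli_ext_record) * cert->custom_cli_ext_records_count` is also unchecked; the count appears to come from application registration rather than from the peer, so this is a hardening note, not a reachable overflow as far as the hunk shows. ssl_cert_dup starts and ends outside the hunk.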
@@ -441,6 +462,13 @@ err:
EC_KEY_free(ret->ecdh_tmp);
#endif
+#ifndef OPENSSL_NO_TLSEXT
+ if (ret->custom_cli_ext_records)
+ OPENSSL_free(ret->custom_cli_ext_records);
+ if (ret->custom_srv_ext_records)
+ OPENSSL_free(ret->custom_srv_ext_records);
+#endif
+
ssl_cert_clear_certs(ret);
return NULL;
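Review bot: The new frees under `err:` read `ret->custom_cli_ext_records` and `ret->custom_srv_ext_records` on every failure path, including any `goto err` that runs before the TLSEXT block assigns them, so they are safe only if `ret` is zeroed when it is allocated. That allocation is outside the hunk, so it cannot be confirmed from here; a short comment such as `/* ret is zero-filled at allocation, so unset record pointers are NULL */` would make the dependency explicit. The same four lines are repeated in ssl_cert_free (third hunk), and a small static helper taking a `CERT *` would keep the two cleanup paths from drifting apart.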
@@ -531,6 +559,12 @@ void ssl_cert_free(CERT *c)
X509_STORE_free(c->chain_store);
if (c->ciphers_raw)
OPENSSL_free(c->ciphers_raw);
+#ifndef OPENSSL_NO_TLSEXT
+ if (c->custom_cli_ext_records)
+ OPENSSL_free(c->custom_cli_ext_records);
+ if (c->custom_srv_ext_records)
+ OPENSSL_free(c->custom_srv_ext_records);
+#endif
OPENSSL_free(c);
}