author | Dr. Stephen Henson <steve@openssl.org> | 2014-08-05 15:21:36 +0100 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2014-08-28 17:06:50 +0100 |
commit | da67a0ae3462f6c6447ed841a9ec514077244b02 (patch) | |
tree | 83c6ede13bdfa499ce877a4515d54994d769f95a /ssl/ssl_cert.c | |
parent | 9a9b0c0401cae443f115ff19921d347b20aa396b (diff) |
Revision of custom extension code.
Move custom extension structures from SSL_CTX to CERT structure.
This change means the form can be revised in future without binary
compatibility issues. Also, since CERT is part of SSL structures,
per-SSL custom extensions could be supported in future as well as
per SSL_CTX.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit b83294fe3022b9d5d525ccdcfeb53d39c25b05bd)
Conflicts:
ssl/ssl.h
ssl/ssl_cert.c
ssl/ssl_locl.h
Diffstat (limited to 'ssl/ssl_cert.c')
-rw-r--r-- | ssl/ssl_cert.c | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index fc63bdbf24..f0035d768d 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -434,6 +434,27 @@ CERT *ssl_cert_dup(CERT *cert)
 ret->ciphers_raw = NULL;
+#ifndef OPENSSL_NO_TLSEXT
+ if (cert->custom_cli_ext_records_count)
+ {
+ ret->custom_cli_ext_records = BUF_memdup(cert->custom_cli_ext_records, sizeof(custom_cli_ext_record) * cert->custom_cli_ext_records_count);
+ if (ret->custom_cli_ext_records == NULL)
+ goto err;
+ ret->custom_cli_ext_records_count =
+ cert->custom_cli_ext_records_count;
+ }
+
+ if (cert->custom_srv_ext_records_count)
+ {
+ ret->custom_srv_ext_records = BUF_memdup(cert->custom_srv_ext_records, sizeof(custom_srv_ext_record) * cert->custom_srv_ext_records_count);
+ if (ret->custom_srv_ext_records == NULL)
+ goto err;
+ ret->custom_srv_ext_records_count =
+ cert->custom_srv_ext_records_count;
+ }
+
+#endif
+
 return(ret);
 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_ECDH)
@@ -452,6 +473,13 @@ err:
 EC_KEY_free(ret->ecdh_tmp);
 #endif
+#ifndef OPENSSL_NO_TLSEXT
+ if (ret->custom_cli_ext_records)
+ OPENSSL_free(ret->custom_cli_ext_records);
+ if (ret->custom_srv_ext_records)
+ OPENSSL_free(ret->custom_srv_ext_records);
+#endif
+
 ssl_cert_clear_certs(ret);
 return NULL;
@@ -542,6 +570,12 @@ void ssl_cert_free(CERT *c)
 X509_STORE_free(c->chain_store);
 if (c->ciphers_raw)
 OPENSSL_free(c->ciphers_raw);
+#ifndef OPENSSL_NO_TLSEXT
+ if (c->custom_cli_ext_records)
+ OPENSSL_free(c->custom_cli_ext_records);
+ if (c->custom_srv_ext_records)
+ OPENSSL_free(c->custom_srv_ext_records);
+#endif
 OPENSSL_free(c);
 } |
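Review bot: The two new `goto err;` statements in ssl_cert_dup are compiled under `#ifndef OPENSSL_NO_TLSEXT`, while the context line after `return(ret);` opens `#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_ECDH)` and the next hunk header shows `err:` following it. The label's exact position is outside this hunk, but if it sits inside that guard, a build with DH and ECDH both disabled and TLS extensions enabled has no `err` label and will not compile; the guard would then need to read `#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_ECDH) || !defined(OPENSSL_NO_TLSEXT)`. The BUF_memdup calls also make a byte-wise copy, so any pointers held in the records would be shared between the source CERT and the copy; a comment such as `/* shallow copy: pointers inside the records are shared with cert */` would make that ownership explicit (the record layout is not visible here, so confirm). ssl_cert_dup starts above the hunk and continues below it.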
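Review bot: The error path in the second hunk now has a late entry point, because the `goto err` added in the first hunk is taken after most of the copy has been built, yet the visible tail goes from the added frees straight to `ssl_cert_clear_certs(ret);` and `return NULL;` without releasing `ret` itself. ssl_cert_free in the third hunk ends with `OPENSSL_free(c);` and also drops `c->chain_store`, so as far as the hunk shows a failed BUF_memdup leaks the partially built CERT and whatever else ssl_cert_dup attached to it earlier. Assuming `ret` is allocated with OPENSSL_malloc, as the `OPENSSL_free(c)` in ssl_cert_free suggests, adding `OPENSSL_free(ret);` before `return NULL;` and mirroring the other releases ssl_cert_free performs would close that. The err block starts above the hunk, so confirm against the lines not shown.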