diff options
author | Emilia Kasper <emilia@openssl.org> | 2016-02-19 17:24:44 +0100 |
---|---|---|
committer | Emilia Kasper <emilia@openssl.org> | 2016-02-19 17:24:44 +0100 |
commit | aa474d1fb172aabb29dad04cb6aaeca601a4378c (patch) | |
tree | 51a82f8896aecd1f989f84e08ea15b0b9e4255e2 /ssl/ssl_err.c | |
parent | f0496ad71fbacccf5a95f40d31d251bc8cf9dcfb (diff) |
TLS: reject duplicate extensions
Adapted from BoringSSL. Added a test.
The extension parsing code is already attempting to already handle this for
some individual extensions, but it is doing so inconsistently. Duplicate
efforts in individual extension parsing will be cleaned up in a follow-up.
Reviewed-by: Stephen Henson <steve@openssl.org>
Diffstat (limited to 'ssl/ssl_err.c')
-rw-r--r-- | ssl/ssl_err.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index e6b9bbdb9c..46f483febe 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -273,6 +273,8 @@ static ERR_STRING_DATA SSL_str_functs[] = { {ERR_FUNC(SSL_F_STATE_MACHINE), "state_machine"}, {ERR_FUNC(SSL_F_TLS12_CHECK_PEER_SIGALG), "tls12_check_peer_sigalg"}, {ERR_FUNC(SSL_F_TLS1_CHANGE_CIPHER_STATE), "tls1_change_cipher_state"}, + {ERR_FUNC(SSL_F_TLS1_CHECK_DUPLICATE_EXTENSIONS), + "tls1_check_duplicate_extensions"}, {ERR_FUNC(SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT), "TLS1_CHECK_SERVERHELLO_TLSEXT"}, {ERR_FUNC(SSL_F_TLS1_EXPORT_KEYING_MATERIAL), |