Copy custom extension flags in a call to SSL_set_SSL_CTX()

The function SSL_set_SSL_CTX() can be used to swap the SSL_CTX used for a connection as part of an SNI callback. One result of this is that the s->cert structure is replaced. However this structure contains information about any custom extensions that have been loaded. In particular flags are set indicating whether a particular extension has been received in the ClientHello. By replacing the s->cert structure we lose the custom extension flag values, and it appears as if a client has not sent those extensions. SSL_set_SSL_CTX() should copy any flags for custom extensions that appear in both the old and the new cert structure. Fixes #2180 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3427)
author: Matt Caswell <matt@openssl.org> 2017-05-10 11:28:53 +0100
committer: Matt Caswell <matt@openssl.org> 2017-05-10 14:06:58 +0100
commit: ea3fc6010f56bad83560592b54bc54de962bbd39 (patch)
tree: e791f7f24fced75d38fa8702b502607033503a57 /ssl/ssl_locl.h
parent: 4ae5993cab1b1c42cfc99180c00ae0a235ce940c (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 362c2b8a15..aeffc00634 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -1482,6 +1482,8 @@ int custom_ext_add(SSL *s, int server,
                    unsigned char **pret, unsigned char *limit, int *al);
 
 int custom_exts_copy(custom_ext_methods *dst, const custom_ext_methods *src);
+int custom_exts_copy_flags(custom_ext_methods *dst,
+                           const custom_ext_methods *src);
 void custom_exts_free(custom_ext_methods *exts);
 
 # else
author	Matt Caswell <matt@openssl.org>	2017-05-10 11:28:53 +0100
committer	Matt Caswell <matt@openssl.org>	2017-05-10 14:06:58 +0100
commit	ea3fc6010f56bad83560592b54bc54de962bbd39 (patch)
tree	e791f7f24fced75d38fa8702b502607033503a57 /ssl/ssl_locl.h
parent	4ae5993cab1b1c42cfc99180c00ae0a235ce940c (diff)