Fix two bugs in clienthello processing

- Always process ALPN (previously there was an early return in the certificate status handling) - Don't send a duplicate alert. Previously, both ssl_check_clienthello_tlsext_late and its caller would send an alert. Consolidate alert sending code in the caller. Reviewed-by: Rich Salz <rsalz@openssl.org>
author: Emilia Kasper <emilia@openssl.org> 2016-07-04 20:32:28 +0200
committer: Emilia Kasper <emilia@openssl.org> 2016-07-19 14:18:03 +0200
commit: 70c22888c1648fe8652e77107f3c74bf2212de36 (patch)
tree: 009ea0932b1ae55cd0063c77d0549b66d2fdd3e7 /ssl/ssl_locl.h
parent: ce2cdac2787da32bcde210c7d6acdcbe41b1cd40 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 1cc63aa819..25cd312c95 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -2004,7 +2004,7 @@ __owur unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf,
 __owur int ssl_parse_clienthello_tlsext(SSL *s, PACKET *pkt);
 void ssl_set_default_md(SSL *s);
 __owur int tls1_set_server_sigalgs(SSL *s);
-__owur int ssl_check_clienthello_tlsext_late(SSL *s);
+__owur int ssl_check_clienthello_tlsext_late(SSL *s, int *al);
 __owur int ssl_parse_serverhello_tlsext(SSL *s, PACKET *pkt);
 __owur int ssl_prepare_clienthello_tlsext(SSL *s);
 __owur int ssl_prepare_serverhello_tlsext(SSL *s);
author	Emilia Kasper <emilia@openssl.org>	2016-07-04 20:32:28 +0200
committer	Emilia Kasper <emilia@openssl.org>	2016-07-19 14:18:03 +0200
commit	70c22888c1648fe8652e77107f3c74bf2212de36 (patch)
tree	009ea0932b1ae55cd0063c77d0549b66d2fdd3e7 /ssl/ssl_locl.h
parent	ce2cdac2787da32bcde210c7d6acdcbe41b1cd40 (diff)