Various custom extension fixes.

Force no SSL2 when custom extensions in use.
Don't clear extension state when cert is set.
Clear on renegotiate.

Conflicts:
	ssl/t1_lib.c

1 files changed, 2 insertions, 19 deletions

diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
index 77abcfce83..2837624ae9 100644
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -463,23 +463,6 @@ static int ssl_set_cert(CERT *c, X509 *x)
 		X509_free(c->pkeys[i].x509);
 	CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
 	c->pkeys[i].x509=x;
-#ifndef OPENSSL_NO_TLSEXT
-	/* Free the old authz data, if it exists. */
-	if (c->pkeys[i].authz != NULL)
-		{
-		OPENSSL_free(c->pkeys[i].authz);
-		c->pkeys[i].authz = NULL;
-		c->pkeys[i].authz_length = 0;
-		}
-
-	/* Free the old serverinfo data, if it exists. */
-	if (c->pkeys[i].serverinfo != NULL)
-		{
-		OPENSSL_free(c->pkeys[i].serverinfo);
-		c->pkeys[i].serverinfo = NULL;
-		c->pkeys[i].serverinfo_length = 0;
-		}
-#endif
 	c->key= &(c->pkeys[i]);
 
 	c->valid=0;
@@ -1083,7 +1066,7 @@ int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo,
 	if (!serverinfo_process_buffer(serverinfo, serverinfo_length, NULL))
 		{
 		SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO,SSL_R_INVALID_SERVERINFO_DATA);
-		return(0);
+		return 0;
 		}
 	if (!ssl_cert_inst(&ctx->cert))
 		{
@@ -1110,7 +1093,7 @@ int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo,
 	if (!serverinfo_process_buffer(serverinfo, serverinfo_length, ctx))
 		{
 		SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO,SSL_R_INVALID_SERVERINFO_DATA);
-		return(0);
+		return 0;
 		}
 	return 1;
 	}