authorDr. Stephen Henson <steve@openssl.org>2013-03-19 15:49:35 +0000
committerDr. Stephen Henson <steve@openssl.org>2013-09-18 13:46:02 +0100
commit052d0358f2e421dbd6f82c1fa50cf7eb59f52f49 (patch)
tree2639991a7c947d8ac6842661bcbfd3047341e7ea /ssl
parent1b6ab411d32f5fb07e8c69d50f22c298ba95e0ba (diff)
Enable various DTLS extensions.
Some TLS extensions were disabled for DTLS. Possibly because they caused problems with the old duplicated code. Enable them again. (cherry picked from commit 874a18cfadc6bac0ad73482325f2ca72dfccdb82)
Diffstat (limited to 'ssl')
-rw-r--r--ssl/t1_lib.c35
1 files changed, 13 insertions, 22 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 1aa59c2f72..35a58a956c 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1105,7 +1105,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
#ifndef OPENSSL_NO_EC
/* See if we support any ECC ciphersuites */
int using_ecc = 0;
- if (s->version != DTLS1_VERSION && s->version >= TLS1_VERSION)
+ if (s->version >= TLS1_VERSION || SSL_IS_DTLS(s))
{
int i;
unsigned long alg_k, alg_a;
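Review bot: The new guard `s->version >= TLS1_VERSION || SSL_IS_DTLS(s)` mixes a numeric version comparison with a protocol-family test, and nothing on the line says why both halves are needed. DTLS version values are not ordered like TLS ones, so a later reader could "simplify" the condition and silently change which handshakes advertise the EC extensions. I would add a comment above it such as `/* DTLS version numbers do not compare like TLS ones, so test for DTLS explicitly */`. The block that computes `using_ecc` continues past the end of this hunk.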
@@ -1322,8 +1322,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
}
#ifdef TLSEXT_TYPE_opaque_prf_input
- if (s->s3->client_opaque_prf_input != NULL &&
- s->version != DTLS1_VERSION)
+ if (s->s3->client_opaque_prf_input != NULL)
{
size_t col = s->s3->client_opaque_prf_input_len;
@@ -1340,8 +1339,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
}
#endif
- if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp &&
- s->version != DTLS1_VERSION)
+ if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp)
{
int i;
long extlen, idlen, itmp;
@@ -1548,7 +1546,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha
}
#ifndef OPENSSL_NO_EC
- if (using_ecc && s->version != DTLS1_VERSION)
+ if (using_ecc)
{
const unsigned char *plist;
size_t plistlen;
@@ -1591,8 +1589,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha
}
#ifdef TLSEXT_TYPE_opaque_prf_input
- if (s->s3->server_opaque_prf_input != NULL &&
- s->version != DTLS1_VERSION)
+ if (s->s3->server_opaque_prf_input != NULL)
{
size_t sol = s->s3->server_opaque_prf_input_len;
@@ -2092,8 +2089,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char
#endif
#ifndef OPENSSL_NO_EC
- else if (type == TLSEXT_TYPE_ec_point_formats &&
- s->version != DTLS1_VERSION)
+ else if (type == TLSEXT_TYPE_ec_point_formats)
{
unsigned char *sdata = data;
int ecpointformatlist_length = *(sdata++);
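Review bot: In the `TLSEXT_TYPE_ec_point_formats` branch the length byte is taken with `*(sdata++)` before any check of `size` is visible in this hunk. With the `s->version != DTLS1_VERSION` guard removed, the branch now also parses DTLS ClientHello data, which comes from a peer that has not yet been authenticated. Please confirm that the rest of the branch, which lies outside the hunk, rejects `size == 0` and any list length that disagrees with `size`; if it does not, an `if (size < 1)` rejection through the function's existing decode-error path belongs ahead of the dereference. The same read-before-check shape appears at `ellipticcurvelist_length` in the next hunk and at `ecpointformatlist_length` in the `ssl_scan_serverhello_tlsext` hunk. A DTLS handshake test with truncated EC extensions would be worth adding, since these branches were skipped for `DTLS1_VERSION` before this commit.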
@@ -2128,8 +2124,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char
fprintf(stderr,"\n");
#endif
}
- else if (type == TLSEXT_TYPE_elliptic_curves &&
- s->version != DTLS1_VERSION)
+ else if (type == TLSEXT_TYPE_elliptic_curves)
{
unsigned char *sdata = data;
int ellipticcurvelist_length = (*(sdata++) << 8);
@@ -2167,8 +2162,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char
}
#endif /* OPENSSL_NO_EC */
#ifdef TLSEXT_TYPE_opaque_prf_input
- else if (type == TLSEXT_TYPE_opaque_prf_input &&
- s->version != DTLS1_VERSION)
+ else if (type == TLSEXT_TYPE_opaque_prf_input)
{
unsigned char *sdata = data;
@@ -2243,8 +2237,8 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char
return 0;
}
}
- else if (type == TLSEXT_TYPE_status_request &&
- s->version != DTLS1_VERSION && s->ctx->tlsext_status_cb)
+ else if (type == TLSEXT_TYPE_status_request
+ && s->ctx->tlsext_status_cb)
{
if (size < 5)
@@ -2622,8 +2616,7 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char
}
#ifndef OPENSSL_NO_EC
- else if (type == TLSEXT_TYPE_ec_point_formats &&
- s->version != DTLS1_VERSION)
+ else if (type == TLSEXT_TYPE_ec_point_formats)
{
unsigned char *sdata = data;
int ecpointformatlist_length = *(sdata++);
@@ -2669,8 +2662,7 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char
s->tlsext_ticket_expected = 1;
}
#ifdef TLSEXT_TYPE_opaque_prf_input
- else if (type == TLSEXT_TYPE_opaque_prf_input &&
- s->version != DTLS1_VERSION)
+ else if (type == TLSEXT_TYPE_opaque_prf_input)
{
unsigned char *sdata = data;
@@ -2700,8 +2692,7 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char
}
}
#endif
- else if (type == TLSEXT_TYPE_status_request &&
- s->version != DTLS1_VERSION)
+ else if (type == TLSEXT_TYPE_status_request)
{
/* MUST be empty and only sent if we've requested
* a status request message.