QuasarApp/openssl
4
0
Fork 0
mirror of https://github.com/QuasarApp/openssl.git synced 2025-04-30 03:34:39 +00:00
Code Issues Projects Releases Wiki Activity

Copy custom extension flags in a call to SSL_set_SSL_CTX()

Browse Source 
The function SSL_set_SSL_CTX() can be used to swap the SSL_CTX used for
a connection as part of an SNI callback. One result of this is that the
s->cert structure is replaced. However this structure contains information
about any custom extensions that have been loaded. In particular flags are
set indicating whether a particular extension has been received in the
ClientHello. By replacing the s->cert structure we lose the custom
extension flag values, and it appears as if a client has not sent those
extensions.

SSL_set_SSL_CTX() should copy any flags for custom extensions that appear
in both the old and the new cert structure.

Fixes #2180

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3425)
This commit is contained in:
Matt Caswell 2017-05-10 11:28:53 +01:00
parent cf53cbea5b
commit 21181889d7
3 changed files with 28 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ssl/ssl_lib.c
View File

@ -3596,6 +3596,12 @@ SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx)
if (new_cert == NULL) { if (new_cert == NULL) {
return NULL; return NULL;
} }
if (!custom_exts_copy_flags(&new_cert->custext, &ssl->cert->custext)) {
ssl_cert_free(new_cert);
return NULL;
}
ssl_cert_free(ssl->cert); ssl_cert_free(ssl->cert);
ssl->cert = new_cert; ssl->cert = new_cert;

2
ssl/ssl_locl.h
View File

@ -2470,6 +2470,8 @@ __owur int custom_ext_add(SSL *s, int context, WPACKET *pkt, X509 *x,
__owur int custom_exts_copy(custom_ext_methods *dst, __owur int custom_exts_copy(custom_ext_methods *dst,
const custom_ext_methods *src); const custom_ext_methods *src);
__owur int custom_exts_copy_flags(custom_ext_methods *dst,
const custom_ext_methods *src);
void custom_exts_free(custom_ext_methods *exts); void custom_exts_free(custom_ext_methods *exts);
void ssl_comp_free_compression_methods_int(void); void ssl_comp_free_compression_methods_int(void);

20
ssl/statem/extensions_cust.c
View File

@ -231,6 +231,26 @@ int custom_ext_add(SSL *s, int context, WPACKET *pkt, X509 *x, size_t chainidx,
return 1; return 1;
} }
/* Copy the flags from src to dst for any extensions that exist in both */
int custom_exts_copy_flags(custom_ext_methods *dst,
const custom_ext_methods *src)
{
size_t i;
custom_ext_method *methsrc = src->meths;
for (i = 0; i < src->meths_count; i++, methsrc++) {
custom_ext_method *methdst = custom_ext_find(dst, methsrc->role,
methsrc->ext_type, NULL);
if (methdst == NULL)
continue;
methdst->ext_flags = methsrc->ext_flags;
}
return 1;
}
/* Copy table of custom extensions */ /* Copy table of custom extensions */
int custom_exts_copy(custom_ext_methods *dst, const custom_ext_methods *src) int custom_exts_copy(custom_ext_methods *dst, const custom_ext_methods *src)
{ {