Copy custom extension flags in a call to SSL_set_SSL_CTX()
The function SSL_set_SSL_CTX() can be used to swap the SSL_CTX used for
a connection as part of an SNI callback. One result of this is that the
s->cert structure is replaced. However this structure contains information
about any custom extensions that have been loaded. In particular flags are
set indicating whether a particular extension has been received in the
ClientHello. By replacing the s->cert structure we lose the custom
extension flag values, and it appears as if a client has not sent those
extensions.
SSL_set_SSL_CTX() should copy any flags for custom extensions that appear
in both the old and the new cert structure.
Fixes #2180
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3426)
Matt Caswell
7 years ago
| 2116 | 2116 |
|
| 2117 | 2117 |
__owur int custom_exts_copy(custom_ext_methods *dst,
|
| 2118 | 2118 |
const custom_ext_methods *src);
|
|
2119 |
__owur int custom_exts_copy_flags(custom_ext_methods *dst,
|
|
2120 |
const custom_ext_methods *src);
|
| 2119 | 2121 |
void custom_exts_free(custom_ext_methods *exts);
|
| 2120 | 2122 |
|
| 2121 | 2123 |
void ssl_comp_free_compression_methods_int(void);
|
| 127 | 127 |
meth->free_cb(s, meth->ext_type, out, meth->add_arg);
|
| 128 | 128 |
}
|
| 129 | 129 |
*pret = ret;
|
|
130 |
return 1;
|
|
131 |
}
|
|
132 |
|
|
133 |
/* Copy the flags from src to dst for any extensions that exist in both */
|
|
134 |
int custom_exts_copy_flags(custom_ext_methods *dst,
|
|
135 |
const custom_ext_methods *src)
|
|
136 |
{
|
|
137 |
size_t i;
|
|
138 |
custom_ext_method *methsrc = src->meths;
|
|
139 |
|
|
140 |
for (i = 0; i < src->meths_count; i++, methsrc++) {
|
|
141 |
custom_ext_method *methdst = custom_ext_find(dst, methsrc->ext_type);
|
|
142 |
|
|
143 |
if (methdst == NULL)
|
|
144 |
continue;
|
|
145 |
|
|
146 |
methdst->ext_flags = methsrc->ext_flags;
|
|
147 |
}
|
|
148 |
|
| 130 | 149 |
return 1;
|
| 131 | 150 |
}
|
| 132 | 151 |
|