Add custom extension sanity checks.
authorDr. Stephen Henson <steve@openssl.org>
Tue, 12 Aug 2014 13:25:49 +0000 (14:25 +0100)
committerDr. Stephen Henson <steve@openssl.org>
Thu, 28 Aug 2014 17:09:39 +0000 (18:09 +0100)
commit9346c75cb8bea75d3410be65f5b625289f375b2d
tree699dd1acc44dbd9dfa6acd236efca619f944ef3a
parent0a4fe37fc6248e5efadcda34015eff122e01b1db
Add custom extension sanity checks.

Reject attempts to use extensions handled internally.

Add flags to each extension structure to indicate if an extension
has been sent or received. Enforce RFC5246 compliance by rejecting
duplicate extensions and unsolicited extensions and only send a
server extension if we have sent the corresponding client extension.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit 28ea0a0c6a5e4e217c405340fa22a8503c7a17db)
ssl/ssl.h
ssl/ssl_locl.h
ssl/t1_ext.c
ssl/t1_lib.c