projects / oweals / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f0496ad) | patch
TLS: reject duplicate extensions
authorEmilia Kasper <emilia@openssl.org>
Fri, 19 Feb 2016 16:24:44 +0000 (17:24 +0100)
committerEmilia Kasper <emilia@openssl.org>
Fri, 19 Feb 2016 16:24:44 +0000 (17:24 +0100)
commitaa474d1fb172aabb29dad04cb6aaeca601a4378c
tree51a82f8896aecd1f989f84e08ea15b0b9e4255e2tree | snapshot
parentf0496ad71fbacccf5a95f40d31d251bc8cf9dcfbcommit | diff
TLS: reject duplicate extensions

Adapted from BoringSSL. Added a test.

The extension parsing code is already attempting to already handle this for
some individual extensions, but it is doing so inconsistently. Duplicate
efforts in individual extension parsing will be cleaned up in a follow-up.

Reviewed-by: Stephen Henson <steve@openssl.org>
include/openssl/ssl.h diff | blob | history
ssl/ssl_err.c diff | blob | history
ssl/t1_lib.c diff | blob | history
test/recipes/70-test_sslcertstatus.t diff | blob | history
test/recipes/70-test_sslextension.t diff | blob | history
test/recipes/70-test_sslsessiontick.t diff | blob | history
test/recipes/70-test_tlsextms.t diff | blob | history
util/TLSProxy/ClientHello.pm diff | blob | history
util/TLSProxy/Message.pm diff | blob | history
util/TLSProxy/ServerHello.pm diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.