From: Dr. Stephen Henson Date: Tue, 19 Aug 2014 12:33:51 +0000 (+0100) Subject: New function SSL_extension_supported(). X-Git-Tag: OpenSSL_1_0_2-beta3~78 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=46a1b9ef4f7d15bf7aa3554ed6d424c5f6b4f499;p=oweals%2Fopenssl.git New function SSL_extension_supported(). Reviewed-by: Emilia Käsper (cherry picked from commit c846a5f5678a7149bc6cbd37dbdae886a5108364) --- diff --git a/ssl/ssl.h b/ssl/ssl.h index 189d2e89c1..03dfc5bebe 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -1257,6 +1257,9 @@ int SSL_CTX_set_custom_srv_ext(SSL_CTX *ctx, unsigned int ext_type, custom_ext_free_cb free_cb, void *add_arg, custom_ext_parse_cb parse_cb, void *parse_arg); + +int SSL_extension_supported(unsigned int ext_type); + #endif #define SSL_NOTHING 1 diff --git a/ssl/t1_ext.c b/ssl/t1_ext.c index 115e4345ea..0cca8d5506 100644 --- a/ssl/t1_ext.c +++ b/ssl/t1_ext.c @@ -218,30 +218,9 @@ static int custom_ext_set(custom_ext_methods *exts, custom_ext_parse_cb parse_cb, void *parse_arg) { custom_ext_method *meth; - /* See if it is a supported internally */ - switch(ext_type) - { - case TLSEXT_TYPE_application_layer_protocol_negotiation: - case TLSEXT_TYPE_ec_point_formats: - case TLSEXT_TYPE_elliptic_curves: - case TLSEXT_TYPE_heartbeat: - case TLSEXT_TYPE_next_proto_neg: - case TLSEXT_TYPE_padding: - case TLSEXT_TYPE_renegotiate: - case TLSEXT_TYPE_server_name: - case TLSEXT_TYPE_session_ticket: - case TLSEXT_TYPE_signature_algorithms: - case TLSEXT_TYPE_srp: - case TLSEXT_TYPE_status_request: - case TLSEXT_TYPE_use_srtp: -#ifdef TLSEXT_TYPE_opaque_prf_input - case TLSEXT_TYPE_opaque_prf_input: -#endif -#ifdef TLSEXT_TYPE_encrypt_then_mac - case TLSEXT_TYPE_encrypt_then_mac: -#endif + /* Don't add if extension supported internall */ + if (SSL_extension_supported(ext_type)) return 0; - } /* Extension type must fit in 16 bits */ if (ext_type > 0xffff) return 0; @@ -293,4 +272,34 @@ int SSL_CTX_set_custom_srv_ext(SSL_CTX *ctx, unsigned int ext_type, add_cb, free_cb, add_arg, parse_cb, parse_arg); } + +int SSL_extension_supported(unsigned int ext_type) + { + /* See if it is a supported internally */ + switch(ext_type) + { + case TLSEXT_TYPE_application_layer_protocol_negotiation: + case TLSEXT_TYPE_ec_point_formats: + case TLSEXT_TYPE_elliptic_curves: + case TLSEXT_TYPE_heartbeat: + case TLSEXT_TYPE_next_proto_neg: + case TLSEXT_TYPE_padding: + case TLSEXT_TYPE_renegotiate: + case TLSEXT_TYPE_server_name: + case TLSEXT_TYPE_session_ticket: + case TLSEXT_TYPE_signature_algorithms: + case TLSEXT_TYPE_srp: + case TLSEXT_TYPE_status_request: + case TLSEXT_TYPE_use_srtp: +#ifdef TLSEXT_TYPE_opaque_prf_input + case TLSEXT_TYPE_opaque_prf_input: +#endif +#ifdef TLSEXT_TYPE_encrypt_then_mac + case TLSEXT_TYPE_encrypt_then_mac: +#endif + return 1; + default: + return 0; + } + } #endif