From 4b6dee2b1482a2c2c6092d3563788d9cdad9829f Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Mon, 29 Sep 2014 16:44:24 +0100 Subject: [PATCH] Parse custom extensions after internal extensions. Reviewed-by: Rich Salz --- ssl/t1_lib.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index f46279dbb3..dc108aa894 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -2434,6 +2434,10 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char al)) return 0; } +#ifdef TLSEXT_TYPE_encrypt_then_mac + else if (type == TLSEXT_TYPE_encrypt_then_mac) + s->s3->flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC; +#endif /* If this ClientHello extension was unhandled and this is * a nonresumed connection, check whether the extension is a * custom TLS Extension (has a custom_srv_ext_record), and if @@ -2445,10 +2449,6 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char if (custom_ext_parse(s, 1, type, data, size, al) <= 0) return 0; } -#ifdef TLSEXT_TYPE_encrypt_then_mac - else if (type == TLSEXT_TYPE_encrypt_then_mac) - s->s3->flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC; -#endif data+=size; } @@ -2774,11 +2774,6 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char al)) return 0; } - /* If this extension type was not otherwise handled, but - * matches a custom_cli_ext_record, then send it to the c - * callback */ - else if (custom_ext_parse(s, 0, type, data, size, al) <= 0) - return 0; #ifdef TLSEXT_TYPE_encrypt_then_mac else if (type == TLSEXT_TYPE_encrypt_then_mac) { @@ -2787,6 +2782,11 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char s->s3->flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC; } #endif + /* If this extension type was not otherwise handled, but + * matches a custom_cli_ext_record, then send it to the c + * callback */ + else if (custom_ext_parse(s, 0, type, data, size, al) <= 0) + return 0; data += size; } -- 2.25.1