diff options
| author | jfigus <foleyj@cisco.com> | 2014-12-02 15:44:49 -0500 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2016-05-16 14:42:30 +0100 |
| commit | ba261f718b1828751ec8a88ee5592fa6436aa422 (patch) | |
| tree | 7a10404bfe31d00a30b4cc9ecef4214daf8ab2d8 | |
| parent | b04f947941d08b5d077a63b017ecee5e4e2e11cc (diff) | |
| download | openssl-ba261f718b1828751ec8a88ee5592fa6436aa422.zip openssl-ba261f718b1828751ec8a88ee5592fa6436aa422.tar.gz openssl-ba261f718b1828751ec8a88ee5592fa6436aa422.tar.bz2 | |
Propagate tlsext_status_type from SSL_CTX to SSL
To allow OCSP stapling to work with libcurl.
Github PR #200
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
| -rw-r--r-- | include/openssl/tls1.h | 3 | ||||
| -rw-r--r-- | ssl/s3_lib.c | 4 | ||||
| -rw-r--r-- | ssl/ssl_lib.c | 4 | ||||
| -rw-r--r-- | ssl/ssl_locl.h | 4 |
4 files changed, 14 insertions, 1 deletions
diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h index ffc6eb7..61d5bcc 100644 --- a/include/openssl/tls1.h +++ b/include/openssl/tls1.h @@ -394,6 +394,9 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb) # define SSL_CTX_set_tlsext_status_arg(ssl, arg) \ SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg) +#define SSL_CTX_set_tlsext_status_type(ssl, type) \ + SSL_CTX_ctrl(ssl, SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE, type, NULL) + # define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 5d5293e..eaf6ee2 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3413,6 +3413,10 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) return 1; } + case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE: + ctx->tlsext_status_type = larg; + break; + case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG: ctx->tlsext_status_arg = parg; return 1; diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index e7eb302..14e8c1e 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -693,7 +693,7 @@ SSL *SSL_new(SSL_CTX *ctx) s->tlsext_debug_cb = 0; s->tlsext_debug_arg = NULL; s->tlsext_ticket_expected = 0; - s->tlsext_status_type = -1; + s->tlsext_status_type = ctx->tlsext_status_type; s->tlsext_status_expected = 0; s->tlsext_ocsp_ids = NULL; s->tlsext_ocsp_exts = NULL; @@ -2502,6 +2502,8 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) */ ret->options |= SSL_OP_NO_COMPRESSION; + ret->tlsext_status_type = -1; + return ret; err: SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE); diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index c9c071a..9bc9892 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -953,6 +953,10 @@ struct ssl_ctx_st { size_t tlsext_ellipticcurvelist_length; unsigned char *tlsext_ellipticcurvelist; # endif /* OPENSSL_NO_EC */ + + /* ext status type used for CSR extension (OCSP Stapling) */ + int tlsext_status_type; + CRYPTO_RWLOCK *lock; }; |