authorMatt Caswell <matt@openssl.org>2017-05-04 15:17:53 +0100
committerMatt Caswell <matt@openssl.org>2017-05-04 16:02:08 +0100
commit7a4e6a1e506d9bc88987b0ab6c028d8a057ca668 (patch)
tree74e5f4e042b03da40ef68a742966a998b58abfd5 /ssl/ssl_rsa.c
parent16afd71c1dbafad398fc0c40e90b06acccca29de (diff)
Updates to serverinfo fix based on review feedback
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3382)
Diffstat (limited to 'ssl/ssl_rsa.c')
-rw-r--r--ssl/ssl_rsa.c17
1 files changed, 9 insertions, 8 deletions
diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
index 8bb8d82..6f1c380 100644
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -19,10 +19,10 @@
static int ssl_set_cert(CERT *c, X509 *x509);
static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey);
-static const unsigned int synthv1context = SSL_EXT_TLS1_2_AND_BELOW_ONLY
- | SSL_EXT_CLIENT_HELLO
- | SSL_EXT_TLS1_2_SERVER_HELLO
- | SSL_EXT_IGNORE_ON_RESUMPTION;
+#define SYNTHV1CONTEXT (SSL_EXT_TLS1_2_AND_BELOW_ONLY \
+ | SSL_EXT_CLIENT_HELLO \
+ | SSL_EXT_TLS1_2_SERVER_HELLO \
+ | SSL_EXT_IGNORE_ON_RESUMPTION)
int SSL_use_certificate(SSL *ssl, X509 *x)
{
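Review bot: SYNTHV1CONTEXT is introduced without a comment, yet its exact value matters in two other hunks of this patch: serverinfo_process_buffer tests `context == SYNTHV1CONTEXT` to choose the old-style extension API, and SSL_CTX_use_serverinfo_file serialises it into `sinfo[2]` and `sinfo[3]` only. A short comment above the define would make that coupling visible at the definition site, for example `/* Context synthesised for V1 serverinfo; must fit in 16 bits, see SSL_CTX_use_serverinfo_file() */`. Without it, a later change to the flag set could alter which entries take the legacy path with nothing here to warn the editor.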
@@ -838,7 +838,7 @@ static int serverinfo_process_buffer(unsigned int version,
* also use the old API even if we have V2 serverinfo but the context
* looks like an old style <= TLSv1.2 extension.
*/
- if (version == SSL_SERVERINFOV1 || context == synthv1context) {
+ if (version == SSL_SERVERINFOV1 || context == SYNTHV1CONTEXT) {
if (!SSL_CTX_add_server_custom_ext(ctx, ext_type,
serverinfo_srv_add_cb,
NULL, NULL,
@@ -920,7 +920,6 @@ int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file)
int ret = 0;
BIO *bin = NULL;
size_t num_extensions = 0, contextoff = 0;
- unsigned int version;
if (ctx == NULL || file == NULL) {
SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_PASSED_NULL_PARAMETER);
@@ -938,6 +937,8 @@ int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file)
}
for (num_extensions = 0;; num_extensions++) {
+ unsigned int version;
+
if (PEM_read_bio(bin, &name, &header, &extension, &extension_length)
== 0) {
/*
@@ -1009,8 +1010,8 @@ int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file)
/* We know this only uses the last 2 bytes */
sinfo[0] = 0;
sinfo[1] = 0;
- sinfo[2] = (synthv1context >> 8) & 0xff;
- sinfo[3] = synthv1context & 0xff;
+ sinfo[2] = (SYNTHV1CONTEXT >> 8) & 0xff;
+ sinfo[3] = SYNTHV1CONTEXT & 0xff;
}
memcpy(serverinfo + serverinfo_length + contextoff,
extension, extension_length);
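Review bot: The zeroed `sinfo[0]` and `sinfo[1]` rely on the comment's assumption that SYNTHV1CONTEXT never has a bit set above bit 15, and nothing in the visible code enforces that. If a higher flag were ever added to the macro, the stored context would be silently truncated and would presumably no longer satisfy the `context == SYNTHV1CONTEXT` test in serverinfo_process_buffer. Deriving all four bytes from the macro removes the assumption: `sinfo[0] = (SYNTHV1CONTEXT >> 24) & 0xff;` and `sinfo[1] = (SYNTHV1CONTEXT >> 16) & 0xff;`. The enclosing block and function start and end outside this hunk.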