Avoid contradictive error code assignments.

[openssl.git] / ssl / ssl_lib.c

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index afe7162ab71e2cd13c5b7603e60c2f1245792dac..42aa8745420a400ae7ee93be33b1783cc9e4d145 100644 (file)
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -58,7 +58,7 @@
  * [including the GNU Public Licence.]
  */
 /* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -307,6 +307,10 @@ SSL *SSL_new(SSL_CTX *ctx)
 
        CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
        s->ctx=ctx;
+#ifndef OPENSSL_NO_TLSEXT
+       CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
+       s->initial_ctx=ctx;
+#endif
 
        s->verify_result=X509_V_OK;
 
@@ -493,6 +497,9 @@ void SSL_free(SSL *s)
        /* Free up if allocated */
 
        if (s->ctx) SSL_CTX_free(s->ctx);
+#ifndef OPENSSL_NO_TLSEXT
+       if (s->initial_ctx) SSL_CTX_free(s->initial_ctx);
+#endif
 
        if (s->client_CA != NULL)
                sk_X509_NAME_pop_free(s->client_CA,X509_NAME_free);
@@ -1315,27 +1322,30 @@ err:
        return(NULL);
        }
 
+
 #ifndef OPENSSL_TLSEXT
-/** return a servername extension value if provided in CLIENT HELLO
- * or NULL. 
- * For the moment, only hostname types are supported. 
+/** return a servername extension value if provided in Client Hello, or NULL. 
+ * So far, only host_name types are defined (RFC 3546).
  */
 
-const char *SSL_get_servername(const SSL *s, const int type) {
-
-       if (type != TLSEXT_TYPE_SERVER_host) 
+const char *SSL_get_servername(const SSL *s, const int type)
+       {
+       if (type != TLSEXT_NAMETYPE_host_name)
                return NULL;
-       return s->session /*&&s->session->tlsext_hostname*/?s->session->tlsext_hostname:s->tlsext_hostname;
-}
-
-int SSL_get_servername_type(const SSL *s) {
+       /* XXX cf. SSL_CTRL_GET_TLSEXT_HOSTNAME case in ssl3_ctrl (s3_lib.c) */
+       return s->session /*&&s->session->tlsext_hostname*/ ?
+               s->session->tlsext_hostname :
+               s->tlsext_hostname;
+       }
 
-       if (s->session &&s->session->tlsext_hostname ?s->session->tlsext_hostname:s->tlsext_hostname) 
-               return TLSEXT_TYPE_SERVER_host;
+int SSL_get_servername_type(const SSL *s)
+       {
+       if (s->session &&s->session->tlsext_hostname ? s->session->tlsext_hostname : s->tlsext_hostname) 
+               return TLSEXT_NAMETYPE_host_name;
        return -1;
-}
-
+       }
 #endif
+
 unsigned long SSL_SESSION_hash(const SSL_SESSION *a)
        {
        unsigned long l;
@@ -1488,7 +1498,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
        ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
 
 #ifndef OPENSSL_NO_TLSEXT
-       ret->tlsext_servername_callback = NULL;
+       ret->tlsext_servername_callback = 0;
        ret->tlsext_servername_arg = NULL;
 #endif
        return(ret);
@@ -2442,7 +2452,6 @@ SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl)
 
 SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx)
        {
-
        if (ssl->cert != NULL)
                ssl_cert_free(ssl->cert);
        ssl->cert = ssl_cert_dup(ctx->cert);