- return custom_ext_meth_add(&ctx->cert->cli_ext, ext_type,
- add_cb, free_cb, add_arg, parse_cb, parse_arg);
+ int ret = custom_ext_meth_add(&ctx->cert->cli_ext, ext_type, add_cb,
+ free_cb, add_arg, parse_cb, parse_arg);
+
+ if (ret != 1)
+ goto end;
+
+#ifndef OPENSSL_NO_CT
+ /*
+ * We don't want applications registering callbacks for SCT extensions
+ * whilst simultaneously using the built-in SCT validation features, as
+ * these two things may not play well together.
+ */
+ if (ext_type == TLSEXT_TYPE_signed_certificate_timestamp &&
+ SSL_CTX_get_ct_validation_callback(ctx) != NULL) {
+ ret = 0;
+ }
+#endif
+end:
+ return ret;