git.openssl.org Git - openssl.git/commit

author	Matt Caswell <matt@openssl.org>
	Wed, 10 May 2017 10:28:53 +0000 (11:28 +0100)
committer	Matt Caswell <matt@openssl.org>
	Wed, 10 May 2017 15:54:06 +0000 (16:54 +0100)
commit	c645f9de477e3a90da2109863f9971e93ea38b58
tree	f4c3ebbf80fa11e18a353d9195a259e3d0d66cbc	tree \| snapshot
parent	fbf09642692d3bf9343301d1e8befd37eef0277c	commit \| diff

Copy custom extension flags in a call to SSL_set_SSL_CTX()

The function SSL_set_SSL_CTX() can be used to swap the SSL_CTX used for
a connection as part of an SNI callback. One result of this is that the
s->cert structure is replaced. However this structure contains information
about any custom extensions that have been loaded. In particular flags are
set indicating whether a particular extension has been received in the
ClientHello. By replacing the s->cert structure we lose the custom
extension flag values, and it appears as if a client has not sent those
extensions.

SSL_set_SSL_CTX() should copy any flags for custom extensions that appear
in both the old and the new cert structure.

Fixes #2180

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3426)

ssl/ssl_lib.c		diff \| blob \| history
ssl/ssl_locl.h		diff \| blob \| history
ssl/t1_ext.c		diff \| blob \| history