Propagate tlsext_status_type from SSL_CTX to SSL

author jfigus <foleyj@cisco.com>

Tue, 2 Dec 2014 20:44:49 +0000 (15:44 -0500)

committer Matt Caswell <matt@openssl.org>

Mon, 16 May 2016 13:42:30 +0000 (14:42 +0100)
author jfigus <foleyj@cisco.com>
Tue, 2 Dec 2014 20:44:49 +0000 (15:44 -0500)
committer Matt Caswell <matt@openssl.org>
Mon, 16 May 2016 13:42:30 +0000 (14:42 +0100)
diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h

index ffc6eb7c5aff0eb139b53ef5ae2aa410be654201..61d5bccac4978be27a8c458ae0e5b6f16ee58478 100644 (file)
--- a/include/openssl/tls1.h
+++ b/include/openssl/tls1.h
@@ -394,6 +394,9 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb)
  # define SSL_CTX_set_tlsext_status_arg(ssl, arg) \
  SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg)
  
+#define SSL_CTX_set_tlsext_status_type(ssl, type) \
+        SSL_CTX_ctrl(ssl, SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE, type, NULL)
+
  # define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \
  SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
  
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c

index 5d5293e1fce10df30ef568c3361f46ad075c197a..eaf6ee23e9ac82141f8291850c799e49004cea42 100644 (file)
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3413,6 +3413,10 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
              return 1;
          }
  
+    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
+        ctx->tlsext_status_type = larg;
+        break;
+
      case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
          ctx->tlsext_status_arg = parg;
          return 1;
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c

index e7eb3028b439aeb6c75a407e17a3b00971e611a6..14e8c1e4f6486a890538061be59014bf8310fc51 100644 (file)
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -693,7 +693,7 @@ SSL *SSL_new(SSL_CTX *ctx)
      s->tlsext_debug_cb = 0;
      s->tlsext_debug_arg = NULL;
      s->tlsext_ticket_expected = 0;
-    s->tlsext_status_type = -1;
+    s->tlsext_status_type = ctx->tlsext_status_type;
      s->tlsext_status_expected = 0;
      s->tlsext_ocsp_ids = NULL;
      s->tlsext_ocsp_exts = NULL;
@@ -2502,6 +2502,8 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
       */
      ret->options |= SSL_OP_NO_COMPRESSION;
  
+    ret->tlsext_status_type = -1;
+
      return ret;
   err:
      SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE);
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h

index c9c071ae6fdc871d60dc1da93f388036c184475b..9bc9892e2cb95446c2da2e78565532428c5d252b 100644 (file)
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -953,6 +953,10 @@ struct ssl_ctx_st {
      size_t tlsext_ellipticcurvelist_length;
      unsigned char *tlsext_ellipticcurvelist;
  #  endif                        /* OPENSSL_NO_EC */
+
+    /* ext status type used for CSR extension (OCSP Stapling) */
+    int tlsext_status_type;
+
      CRYPTO_RWLOCK *lock;
  };
author	jfigus <foleyj@cisco.com>
	Tue, 2 Dec 2014 20:44:49 +0000 (15:44 -0500)
committer	Matt Caswell <matt@openssl.org>
	Mon, 16 May 2016 13:42:30 +0000 (14:42 +0100)
include/openssl/tls1.h		patch \| blob \| history
ssl/s3_lib.c		patch \| blob \| history
ssl/ssl_lib.c		patch \| blob \| history
ssl/ssl_locl.h		patch \| blob \| history