Support TLS extensions (specifically, HostName)
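--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -255,6 +255,16 @@ int ssl3_connect(SSL *s)
                case SSL3_ST_CR_SRVR_HELLO_B:
                        ret=ssl3_get_server_hello(s);
                        if (ret <= 0) goto end;
+#ifndef OPENSSL_NO_TLSEXT
+                       {
+                               int extension_error = 0,al;
+                               if ((al = ssl_check_Hello_TLS_extensions(s,&extension_error)) != SSL_ERROR_NONE){
+                                       ret = -1;
+                                       SSLerr(SSL_F_SSL3_CONNECT,SSL_R_SERVERHELLO_TLS_EXT);
+                                       goto end;
+                               }
+                       }
+#endif
                        if (s->hit)
                                s->state=SSL3_ST_CR_FINISHED_A;
                        else
@@ -602,6 +612,13 @@ int ssl3_client_hello(SSL *s)
                        }
 #endif
                *(p++)=0; /* Add the NULL method */
+#ifndef OPENSSL_NO_TLSEXT
+               if ((p = ssl_add_ClientHello_TLS_extensions(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
+               {
+                       SSLerr(SSL_F_SSL3_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
+                       goto err;
+               }
+#endif
                
                l=(p-d);
                d=buf;
@@ -786,6 +803,16 @@ int ssl3_get_server_hello(SSL *s)
                s->s3->tmp.new_compression=comp;
                }
 #endif
+#ifndef OPENSSL_NO_TLSEXT
+       /* TLS extensions*/
+       if (s->version > SSL3_VERSION)
+       {
+               if ((al = ssl_parse_ServerHello_TLS_extensions(s,&p,d,n)) != SSL_ERROR_NONE){
+                       SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_PARSE_TLS_EXT);
+                       goto f_err; 
+               }
+       }
+#endif
 
        if (p != (d+n))
                {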
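Review bot: In the ssl3_connect hunk the value returned by `ssl_check_Hello_TLS_extensions` is stored in `al` and `extension_error` is filled in, but neither is read afterwards, so a rejected ServerHello extension ends the handshake with `ret = -1` and, as far as the hunk shows, no alert to the peer. If `al` is meant to be an alert description, as its use before `goto f_err` in the ssl3_get_server_hello hunk suggests, add `ssl3_send_alert(s,SSL3_AL_FATAL,al);` before `goto end`; if it is an `SSL_ERROR_*` code, as the comparison with `SSL_ERROR_NONE` suggests, then the `f_err` path (outside the hunk) would presumably send it as an alert, and the two call sites should agree on one convention. A short comment stating which it is, e.g. `/* al: alert description to send on failure */`, would settle it for the next reader. All three enclosing functions start and end outside the hunks.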