Various custom extension fixes.

[openssl.git] / ssl / t1_lib.c

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index a240587eecbd40ccea5e07f33c2ea14d717f369c..17ce8b3f8c96d5045e981fa4616ad5961dd896a8 100644 (file)
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1843,7 +1843,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data, const unsign
 
        s->s3->is_probably_safari = 1;
 }
-#endif /* OPENSSL_NO_EC */
+#endif /* !OPENSSL_NO_EC */
 
 static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al) 
        {       
@@ -1860,6 +1860,14 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char
        s->s3->next_proto_neg_seen = 0;
 #endif
 
+       /* Clear observed custom extensions */
+       s->s3->tlsext_custom_types_count = 0;
+       if (s->s3->tlsext_custom_types != NULL)
+               {
+               OPENSSL_free(s->s3->tlsext_custom_types);
+               s->s3->tlsext_custom_types = NULL;
+               }               
+
 #ifndef OPENSSL_NO_HEARTBEATS
        s->tlsext_heartbeat &= ~(SSL_TLSEXT_HB_ENABLED |
                               SSL_TLSEXT_HB_DONT_SEND_REQUESTS);
@@ -1868,7 +1876,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char
 #ifndef OPENSSL_NO_EC
        if (s->options & SSL_OP_SAFARI_ECDHE_ECDSA_BUG)
                ssl_check_for_safari(s, data, d, n);
-#endif /* OPENSSL_NO_EC */
+#endif /* !OPENSSL_NO_EC */
 
        /* Clear any signature algorithms extension received */
        if (s->cert->peer_sigalgs)