From 4300aaf3512167c6759ba1feedcbb28e4ba8413a Mon Sep 17 00:00:00 2001
From: Alessandro Ghedini
Date: Wed, 11 May 2016 00:48:49 +0100
Subject: [PATCH] Add SSL_get_tlsext_status_type() method

The tlsext_status_type field in SSL is used by e.g. OpenResty to determine if the client requested the certificate status, but SSL is now opaque.

Reviewed-by: Rich Salz
Reviewed-by: Matt Caswell
---
 include/openssl/ssl.h | 1 +
 include/openssl/tls1.h | 3 +++
 ssl/s3_lib.c | 5 +++++
 3 files changed, 9 insertions(+)

diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 9989b7eed2..2c897c40c8 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -1133,6 +1133,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 # define SSL_CTRL_SET_MAX_PROTO_VERSION 124
 # define SSL_CTRL_SET_SPLIT_SEND_FRAGMENT 125
 # define SSL_CTRL_SET_MAX_PIPELINES 126
+# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE 127
 # define SSL_CERT_SET_FIRST 1
 # define SSL_CERT_SET_NEXT 2
 # define SSL_CERT_SET_SERVER 3
diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
index 0537828afa..25a9b36f9a 100644
--- a/include/openssl/tls1.h
+++ b/include/openssl/tls1.h
@@ -252,6 +252,9 @@ SSL_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_CB,(void (*)(void))cb)
 # define SSL_set_tlsext_debug_arg(ssl, arg) \
 SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_ARG,0, (void *)arg)
 
+# define SSL_get_tlsext_status_type(ssl, arg) \
+SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE,0, (void *)arg)
+
 # define SSL_set_tlsext_status_type(ssl, type) \
 SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,type, NULL)
 
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index de7f1c08f2..025c003b3e 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -2971,6 +2971,11 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
 ret = 1;
 break;
 
+ case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
+ *(int *)parg = s->tlsext_status_type;
+ ret = 1;
+ break;
+
 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
 s->tlsext_status_type = larg;
 ret = 1;
-- 
2.34.1
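Review bot: The new `SSL_get_tlsext_status_type(ssl, arg)` macro in include/openssl/tls1.h casts `arg` to `void *`, so nothing checks that the caller passes an `int *`; the matching case in ssl/s3_lib.c stores an `int` through it, and a `long *` or a pointer to a narrower object compiles without a warning. The macro carries no comment stating that contract; I would add one above it, e.g. `/* arg must be a non-NULL int *; it receives the requested status type */`. `arg` is also unparenthesised in the expansion, which `(void *)(arg)` fixes (the neighbouring macros in the hunk use the same form). Returning the value as the result of SSL_ctrl instead of through an out-pointer would remove the untyped write altogether, if the ctrl's return convention allows it.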
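Review bot: The added `SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE` case in ssl/s3_lib.c dereferences `parg` unconditionally, so an application that passes NULL to `SSL_get_tlsext_status_type()` crashes inside the library rather than getting a failure return. A guard before the store, `if (parg == NULL) return 0;`, keeps that mistake on the normal error path. ssl3_ctrl starts and ends outside the hunk, so whether its other cases validate `parg` is not visible here.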