Various custom extension fixes.

Force no SSL2 when custom extensions are in use.
Don't clear extension state when a cert is set.
Clear extension state on renegotiation.
diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
index 77abcfc..2837624 100644
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -463,23 +463,6 @@
 		X509_free(c->pkeys[i].x509);
 	CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
 	c->pkeys[i].x509=x;
-#ifndef OPENSSL_NO_TLSEXT
-	/* Free the old authz data, if it exists. */
-	if (c->pkeys[i].authz != NULL)
-		{
-		OPENSSL_free(c->pkeys[i].authz);
-		c->pkeys[i].authz = NULL;
-		c->pkeys[i].authz_length = 0;
-		}
-
-	/* Free the old serverinfo data, if it exists. */
-	if (c->pkeys[i].serverinfo != NULL)
-		{
-		OPENSSL_free(c->pkeys[i].serverinfo);
-		c->pkeys[i].serverinfo = NULL;
-		c->pkeys[i].serverinfo_length = 0;
-		}
-#endif
 	c->key= &(c->pkeys[i]);
 
 	c->valid=0;
@@ -1083,7 +1066,7 @@
 	if (!serverinfo_process_buffer(serverinfo, serverinfo_length, NULL))
 		{
 		SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO,SSL_R_INVALID_SERVERINFO_DATA);
-		return(0);
+		return 0;
 		}
 	if (!ssl_cert_inst(&ctx->cert))
 		{
@@ -1110,7 +1093,7 @@
 	if (!serverinfo_process_buffer(serverinfo, serverinfo_length, ctx))
 		{
 		SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO,SSL_R_INVALID_SERVERINFO_DATA);
-		return(0);
+		return 0;
 		}
 	return 1;
 	}