New extension callback features.
Support separate parse and add callback arguments.
Add new callback so an application can free extension data.
Change return value for send functions so < 0 is an error, 0
omits the extension and > 0 includes it. This is more consistent
with the behaviour of other functions in OpenSSL.
Modify parse_cb handling so <= 0 is an error.
Make SSL_CTX_set_custom_cli_ext and SSL_CTX_set_custom_srv_ext argument
order consistent.
NOTE: these changes WILL break existing code.
Remove (now inaccurate) in line documentation.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
diff --git a/ssl/ssltest.c b/ssl/ssltest.c
index 5837abb..09400a1 100644
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@@ -558,7 +558,7 @@
{
if (ext_type != CUSTOM_EXT_TYPE_0)
custom_ext_error = 1;
- return -1; /* Don't send an extension */
+ return 0; /* Don't send an extension */
}
static int custom_ext_0_cli_parse_cb(SSL *s, unsigned int ext_type,
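Review bot: The mismatched-type branch just above the changed `return 0;` only sets `custom_ext_error` and then falls through to the same "omit" result, so an unexpected `ext_type` still lets the handshake continue. Under the convention the commit message describes (< 0 error, 0 omit, > 0 send) that branch could fail closed with `if (ext_type != CUSTOM_EXT_TYPE_0) { custom_ext_error = 1; return -1; }`, unless the test depends on `custom_ext_error` being checked after the handshake, which is not visible here. The comment would also read better as `/* 0 = omit the extension; < 0 is now an error */`, here and at the identical changes in the hunks at -650 and -672. The function's signature lies outside the hunk.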
@@ -650,7 +650,7 @@
const unsigned char **out,
size_t *outlen, int *al, void *arg)
{
- return -1; /* Don't send an extension */
+ return 0; /* Don't send an extension */
}
static int custom_ext_1_srv_parse_cb(SSL *s, unsigned int ext_type,
@@ -672,7 +672,7 @@
const unsigned char **out,
size_t *outlen, int *al, void *arg)
{
- return -1; /* Don't send an extension */
+ return 0; /* Don't send an extension */
}
static int custom_ext_2_srv_parse_cb(SSL *s, unsigned int ext_type,
@@ -1584,10 +1584,12 @@
#endif
if (serverinfo_sct)
- SSL_CTX_set_custom_cli_ext(c_ctx, SCT_EXT_TYPE, NULL,
+ SSL_CTX_set_custom_cli_ext(c_ctx, SCT_EXT_TYPE,
+ NULL, NULL, NULL,
serverinfo_cli_cb, NULL);
if (serverinfo_tack)
- SSL_CTX_set_custom_cli_ext(c_ctx, TACK_EXT_TYPE, NULL,
+ SSL_CTX_set_custom_cli_ext(c_ctx, TACK_EXT_TYPE,
+ NULL, NULL, NULL,
serverinfo_cli_cb, NULL);
if (serverinfo_file)
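Review bot: The result of both `SSL_CTX_set_custom_cli_ext` calls is discarded, so if registering the SCT or TACK handler fails, the test carries on without `serverinfo_cli_cb` installed and could report success without the extension ever being parsed. The setter returns an int status; testing it and failing the run on zero would make a registration failure visible instead of silent. The same applies to the eight `SSL_CTX_set_custom_cli_ext` / `SSL_CTX_set_custom_srv_ext` calls in the following hunk. The enclosing function starts and ends outside this hunk, so the right failure path has to be taken from the surrounding code.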
@@ -1600,31 +1602,31 @@
if (custom_ext)
{
SSL_CTX_set_custom_cli_ext(c_ctx, CUSTOM_EXT_TYPE_0,
- custom_ext_0_cli_add_cb,
+ custom_ext_0_cli_add_cb, NULL, NULL,
custom_ext_0_cli_parse_cb, NULL);
SSL_CTX_set_custom_cli_ext(c_ctx, CUSTOM_EXT_TYPE_1,
- custom_ext_1_cli_add_cb,
+ custom_ext_1_cli_add_cb, NULL, NULL,
custom_ext_1_cli_parse_cb, NULL);
SSL_CTX_set_custom_cli_ext(c_ctx, CUSTOM_EXT_TYPE_2,
- custom_ext_2_cli_add_cb,
+ custom_ext_2_cli_add_cb, NULL, NULL,
custom_ext_2_cli_parse_cb, NULL);
SSL_CTX_set_custom_cli_ext(c_ctx, CUSTOM_EXT_TYPE_3,
- custom_ext_3_cli_add_cb,
+ custom_ext_3_cli_add_cb, NULL, NULL,
custom_ext_3_cli_parse_cb, NULL);
SSL_CTX_set_custom_srv_ext(s_ctx, CUSTOM_EXT_TYPE_0,
- custom_ext_0_srv_parse_cb,
- custom_ext_0_srv_add_cb, NULL);
+ custom_ext_0_srv_add_cb, NULL, NULL,
+ custom_ext_0_srv_parse_cb, NULL);
SSL_CTX_set_custom_srv_ext(s_ctx, CUSTOM_EXT_TYPE_1,
- custom_ext_1_srv_parse_cb,
- custom_ext_1_srv_add_cb, NULL);
+ custom_ext_1_srv_add_cb, NULL, NULL,
+ custom_ext_1_srv_parse_cb, NULL);
SSL_CTX_set_custom_srv_ext(s_ctx, CUSTOM_EXT_TYPE_2,
- custom_ext_2_srv_parse_cb,
- custom_ext_2_srv_add_cb, NULL);
+ custom_ext_2_srv_add_cb, NULL, NULL,
+ custom_ext_2_srv_parse_cb, NULL);
SSL_CTX_set_custom_srv_ext(s_ctx, CUSTOM_EXT_TYPE_3,
- custom_ext_3_srv_parse_cb,
- custom_ext_3_srv_add_cb, NULL);
+ custom_ext_3_srv_add_cb, NULL, NULL,
+ custom_ext_3_srv_parse_cb, NULL);
}
if (alpn_server)
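Review bot: The widened calls are purely positional, with two bare `NULL`s between the add and parse callbacks, and nothing in the block says which slot is which; a one-line comment above the block such as `/* args: add_cb, free_cb, add_arg, parse_cb, parse_arg */` would help (the middle two names are presumed from the commit message, so confirm against the prototype). Separately, the commit message states that parse callbacks now fail on any value <= 0, and the `custom_ext_*_parse_cb` bodies registered here are outside this diff, so it is worth confirming that none of them returns a negative value on a path that is meant to succeed. The `if (custom_ext)` block sits inside a function whose start and end are not in the hunk.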