Revision of custom extension code.

Move custom extension structures from SSL_CTX to CERT structure.

This change means the form can be revised in future without binary
compatibility issues. Also, since CERT is part of the SSL structures,
per-SSL custom extensions could be supported in future as well as
per-SSL_CTX ones.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 4e75a96..4504958 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -423,6 +423,27 @@
 	ret->sec_level = cert->sec_level;
 	ret->sec_ex = cert->sec_ex;
 
+#ifndef OPENSSL_NO_TLSEXT
+	if (cert->custom_cli_ext_records_count)
+		{
+		ret->custom_cli_ext_records = BUF_memdup(cert->custom_cli_ext_records, sizeof(custom_cli_ext_record) * cert->custom_cli_ext_records_count);
+		if (ret->custom_cli_ext_records == NULL)
+			goto err;
+		ret->custom_cli_ext_records_count =
+					cert->custom_cli_ext_records_count;
+		}
+
+	if (cert->custom_srv_ext_records_count)
+		{
+		ret->custom_srv_ext_records = BUF_memdup(cert->custom_srv_ext_records, sizeof(custom_srv_ext_record) * cert->custom_srv_ext_records_count);
+		if (ret->custom_srv_ext_records == NULL)
+			goto err;
+		ret->custom_srv_ext_records_count =
+					cert->custom_srv_ext_records_count;
+		}
+
+#endif
+
 	return(ret);
 	
 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_ECDH)
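Review bot: The two `BUF_memdup` calls copy the record arrays byte for byte, so any pointers stored inside a `custom_cli_ext_record` or `custom_srv_ext_record` end up shared between `cert` and `ret`. The record definitions are not in this hunk; presumably they hold callbacks and an application argument. Sharing is probably intended, but it should be stated above the first block, e.g. `/* Shallow copy: the arrays are duplicated, pointers inside each record stay shared with the source CERT and are not owned by either */`. Without that, a later per-record free added to one CERT would leave the other holding dangling pointers. The enclosing function starts and ends outside the hunk.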
@@ -441,6 +462,13 @@
 		EC_KEY_free(ret->ecdh_tmp);
 #endif
 
+#ifndef OPENSSL_NO_TLSEXT
+	if (ret->custom_cli_ext_records)
+		OPENSSL_free(ret->custom_cli_ext_records);
+	if (ret->custom_srv_ext_records)
+		OPENSSL_free(ret->custom_srv_ext_records);
+#endif
+
 	ssl_cert_clear_certs(ret);
 
 	return NULL;
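Review bot: The frees added at the error label read `ret->custom_cli_ext_records` and `ret->custom_srv_ext_records`, but the label can presumably be reached from failures earlier in the function, before the duplication code in the first hunk assigns them. The pointers also stay unassigned whenever the source count is zero. This is only safe if `ret` is zeroed right after it is allocated, which happens outside this hunk and should be confirmed. A comment such as `/* ret is zeroed on allocation, so record pointers that were never set are NULL here */` would record the dependency. The frees in the last hunk rely on the same guarantee for every CERT that reaches them.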
@@ -531,6 +559,12 @@
 		X509_STORE_free(c->chain_store);
 	if (c->ciphers_raw)
 		OPENSSL_free(c->ciphers_raw);
+#ifndef OPENSSL_NO_TLSEXT
+	if (c->custom_cli_ext_records)
+		OPENSSL_free(c->custom_cli_ext_records);
+	if (c->custom_srv_ext_records)
+		OPENSSL_free(c->custom_srv_ext_records);
+#endif
 	OPENSSL_free(c);
 	}