Commit 052d0358 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files

Enable various DTLS extensions. 

Some TLS extensions were disabled for DTLS. Possibly because they caused
problems with the old duplicated code. Enable them again.
(cherry picked from commit 874a18cf)
parent 1b6ab411

ssl/t1_lib.c

+13 −22
Original line number Diff line number Diff line
@@ -1105,7 +1105,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha 
#ifndef OPENSSL_NO_EC

	/* See if we support any ECC ciphersuites */

	int using_ecc = 0;

	if (s->version != DTLS1_VERSION && s->version >= TLS1_VERSION)

	if (s->version >= TLS1_VERSION || SSL_IS_DTLS(s))

		{

		int i;

		unsigned long alg_k, alg_a;
@@ -1322,8 +1322,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha 
		}



#ifdef TLSEXT_TYPE_opaque_prf_input

	if (s->s3->client_opaque_prf_input != NULL &&

	    s->version != DTLS1_VERSION)

	if (s->s3->client_opaque_prf_input != NULL)

		{

		size_t col = s->s3->client_opaque_prf_input_len;
@@ -1340,8 +1339,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha 
		}

#endif



	if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp &&

	    s->version != DTLS1_VERSION)

	if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp)

		{

		int i;

		long extlen, idlen, itmp;
@@ -1548,7 +1546,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha 
        }



#ifndef OPENSSL_NO_EC

	if (using_ecc && s->version != DTLS1_VERSION)

	if (using_ecc)

		{

		const unsigned char *plist;

		size_t plistlen;
@@ -1591,8 +1589,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha 
		}



#ifdef TLSEXT_TYPE_opaque_prf_input

	if (s->s3->server_opaque_prf_input != NULL &&

	    s->version != DTLS1_VERSION)

	if (s->s3->server_opaque_prf_input != NULL)

		{

		size_t sol = s->s3->server_opaque_prf_input_len;
@@ -2092,8 +2089,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char 
#endif



#ifndef OPENSSL_NO_EC

		else if (type == TLSEXT_TYPE_ec_point_formats &&

	             s->version != DTLS1_VERSION)

		else if (type == TLSEXT_TYPE_ec_point_formats)

			{

			unsigned char *sdata = data;

			int ecpointformatlist_length = *(sdata++);
@@ -2128,8 +2124,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char 
			fprintf(stderr,"\n");

#endif

			}

		else if (type == TLSEXT_TYPE_elliptic_curves &&

	             s->version != DTLS1_VERSION)

		else if (type == TLSEXT_TYPE_elliptic_curves)

			{

			unsigned char *sdata = data;

			int ellipticcurvelist_length = (*(sdata++) << 8);
@@ -2167,8 +2162,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char 
			}

#endif /* OPENSSL_NO_EC */

#ifdef TLSEXT_TYPE_opaque_prf_input

		else if (type == TLSEXT_TYPE_opaque_prf_input &&

	             s->version != DTLS1_VERSION)

		else if (type == TLSEXT_TYPE_opaque_prf_input)

			{

			unsigned char *sdata = data;
@@ -2243,8 +2237,8 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char 
				return 0;

				}

			}

		else if (type == TLSEXT_TYPE_status_request &&

		         s->version != DTLS1_VERSION && s->ctx->tlsext_status_cb)

		else if (type == TLSEXT_TYPE_status_request

		         && s->ctx->tlsext_status_cb)

			{

		

			if (size < 5)
@@ -2622,8 +2616,7 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char 
			}



#ifndef OPENSSL_NO_EC

		else if (type == TLSEXT_TYPE_ec_point_formats &&

	             s->version != DTLS1_VERSION)

		else if (type == TLSEXT_TYPE_ec_point_formats)

			{

			unsigned char *sdata = data;

			int ecpointformatlist_length = *(sdata++);
@@ -2669,8 +2662,7 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char 
			s->tlsext_ticket_expected = 1;

			}

#ifdef TLSEXT_TYPE_opaque_prf_input

		else if (type == TLSEXT_TYPE_opaque_prf_input &&

	             s->version != DTLS1_VERSION)

		else if (type == TLSEXT_TYPE_opaque_prf_input)

			{

			unsigned char *sdata = data;
@@ -2700,8 +2692,7 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char 
				}

			}

#endif

		else if (type == TLSEXT_TYPE_status_request &&

		         s->version != DTLS1_VERSION)

		else if (type == TLSEXT_TYPE_status_request)

			{

			/* MUST be empty and only sent if we've requested

			 * a status request message.