Further TLS extension improvements

		case SSL3_ST_CR_SRVR_HELLO_B:

			ret=ssl3_get_server_hello(s);

			if (ret <= 0) goto end;

#ifndef OPENSSL_NO_TLSEXT

			{

				int al;

				switch (ssl_check_tlsext(s,&al))

					{

				case SSL_TLSEXT_ERR_ALERT_FATAL:

					ssl3_send_alert(s,SSL3_AL_FATAL,al);

					SSLerr(SSL_F_SSL3_CONNECT,SSL_R_SERVERHELLO_TLS_EXT);

					ret = -1;

					goto end;

				case SSL_TLSEXT_ERR_ALERT_WARNING:

					ssl3_send_alert(s,SSL3_AL_WARNING,al); 

				default:

					;

					}

			}

#endif

			if (s->hit)

				s->state=SSL3_ST_CR_FINISHED_A;

			else

			SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_PARSE_TLS_EXT);

			goto f_err; 

			}

		if (ssl_check_tlsext(s,0) <= 0)

			{

			SSLerr(SSL_F_SSL3_CONNECT,SSL_R_SERVERHELLO_TLS_EXT);

				goto err;

			}

		}

#endif

			s->shutdown=0;

			ret=ssl3_get_client_hello(s);

			if (ret <= 0) goto end;

#ifndef OPENSSL_NO_TLSEXT

			{

				int al;

				switch (ssl_check_tlsext(s,&al))

					{

				case SSL_TLSEXT_ERR_ALERT_FATAL:

					ssl3_send_alert(s,SSL3_AL_FATAL,al); 

					SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_CLIENTHELLO_TLS_EXT);

					ret = -1;

					goto end;

				case SSL_TLSEXT_ERR_ALERT_WARNING:

					ssl3_send_alert(s,SSL3_AL_WARNING,al); 

				default:

					break;

					}

			}

#endif

			s->new_session = 2;

			s->state=SSL3_ST_SW_SRVR_HELLO_A;

			s->init_num=0;

		goto f_err;

		}

#ifndef OPENSSL_NO_TLSEXT

	/* TLS extensions*/

	if (s->version > SSL3_VERSION)

		{

		if (!ssl_parse_clienthello_tlsext(s,&p,d,n, &al))

			{

			/* 'al' set by ssl_parse_clienthello_tlsext */

			SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_PARSE_TLS_EXT);

			goto f_err;

			}

		}

		if (ssl_check_tlsext(s,1) <= 0) {

			SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_CLIENTHELLO_TLS_EXT);

			goto err;

		}

#endif

	/* Worst case, we will use the NULL compression, but if we have other

	 * options, we will now look for them.  We have i-1 compression

	 * algorithms from the client, starting at q. */

		}

#endif

#ifndef OPENSSL_NO_TLSEXT

	/* TLS extensions*/

	if (s->version > SSL3_VERSION)

		{

		if (!ssl_parse_clienthello_tlsext(s,&p,d,n, &al))

			{

			/* 'al' set by ssl_parse_clienthello_tlsext */

			SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_PARSE_TLS_EXT);

			goto f_err;

			}

		}

#endif

	/* Given s->session->ciphers and SSL_get_ciphers, we must

	 * pick a cipher */

unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit); 

int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al);

int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al);

int ssl_check_tlsext(SSL *s,int *al);

int ssl_check_tlsext(SSL *s, int is_server);

#endif

#endif

	return 1;

}

int ssl_check_tlsext(SSL *s,int *al)

int ssl_check_tlsext(SSL *s, int is_server)

	{

	int ret=SSL_TLSEXT_ERR_NOACK;

	*al = SSL_AD_UNRECOGNIZED_NAME;

	int al = SSL_AD_UNRECOGNIZED_NAME;

	if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0) 

		ret = s->ctx->tlsext_servername_callback(s, al, s->ctx->tlsext_servername_arg);

		ret = s->ctx->tlsext_servername_callback(s, &al, s->ctx->tlsext_servername_arg);

	else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0) 		

		ret = s->initial_ctx->tlsext_servername_callback(s, al, s->initial_ctx->tlsext_servername_arg);

		ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg);

	switch (ret) {

		case SSL_TLSEXT_ERR_ALERT_FATAL:

			ssl3_send_alert(s,SSL3_AL_FATAL,al); 

			return -1;

		case SSL_TLSEXT_ERR_ALERT_WARNING:

			ssl3_send_alert(s,SSL3_AL_WARNING,al);

			return 1; 

	if (ret == SSL_TLSEXT_ERR_NOACK) 

		case SSL_TLSEXT_ERR_NOACK:

			s->servername_done=0;

	return ret;

			default:

		return 1;

	}

}

#endif