Commit 7eef2b0c authored by Ben Laurie's avatar Ben Laurie
Browse files

Merge remote-tracking branch 'trevp/pemfix' into trev-pem-fix

parents 79b92098 deda5ea7

doc/ssl/SSL_CTX_use_serverinfo.pod

+4 −3
Original line number Diff line number Diff line
@@ -27,7 +27,8 @@ a 2-byte length, and then length bytes of extension_data. 
SSL_CTX_use_serverinfo_file() loads one or more serverinfo extensions from

B<file> into B<ctx>.  The extensions must be in PEM format.  Each extension

must consist of a 2-byte Extension Type, a 2-byte length, and then length

bytes of extension_data.

bytes of extension_data.  Each PEM extension name must begin with the phrase

"BEGIN SERVERINFO FOR ".



=head1 NOTES

ssl/ssl_rsa.c

+14 −2
Original line number Diff line number Diff line
@@ -982,6 +982,7 @@ int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file) 
	long extension_length = 0;

	char* name = NULL;

	char* header = NULL;

	char namePrefix[] = "SERVERINFO FOR ";

	int ret = 0;

	BIO *bin = NULL;

	size_t num_extensions = 0;
@@ -1017,6 +1018,17 @@ int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file) 
			else /* End of file, we're done */

				break;

			}

		/* Check that PEM name starts with "BEGIN SERVERINFO FOR " */

		if (strlen(name) < strlen(namePrefix))

			{

			SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_PEM_LIB);

			goto end;

			}

		if (strncmp(name, namePrefix, strlen(namePrefix)) != 0)

			{

			SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_PEM_LIB);

			goto end;

			}

		/* Check that the decoded PEM data is plausible (valid length field) */

		if (extension_length < 4 || (extension[2] << 8) + extension[3] != extension_length - 4)

			{

test/serverinfo.pem

+4 −4
Original line number Diff line number Diff line 
-----BEGIN SCT-----

-----BEGIN SERVERINFO FOR CT-----

ABIAZMevsj4TC5rgwjZNciLGwh15YXoIK9t5aypGJIG4QzyMowmwwDdqxudkUcGa

DvuqlYL7psO5j4/BIHTe677CAZBBH3Ho2NOM5q1zub4AbfUMlKeufuQgeQ2Tj1oe

LJLRzrwDnPs=

-----END SCT-----

-----END SERVERINFO FOR CT-----



-----BEGIN TACK EXTENSION-----

-----BEGIN SERVERINFO FOR TACK-----

8wABTwFMh1Dz+3W6zULWJKjav5TNaFEXL1h98YtCXeyZnORYg4mbKpxH5CMbjpgx

To3amSqUPF4Ntjc/i9+poutxebYkbgAAAkMcxb8+RaM9YEywaJEGViKJJmpYG/gJ

HgfGaefI9kKbXSDmP9ntg8dLvDzuyYw14ktM2850Q9WvBiltpekilZxVuT2bFtfs
@@ -13,4 +13,4 @@ ffGLQl3smZzkWIOJmyqcR+QjG46YMU6N2pkqlDxeDbY3P4vfqaLrcXm2JG4AAAGN 
xXQJPbdniI9rEydVXb1Cu1yT/t7FBEx6hLxuoypXjCI1wCGpXsd8zEnloR0Ank5h

VO/874E/BZlItzSPpcmDKl5Def6BrAJTErQlE9npo52S05YWORxJw1+VYBdqQ09A

x3wA

-----END TACK EXTENSION-----
 
-----END SERVERINFO FOR TACK-----