Commit ba261f71 authored by jfigus's avatar jfigus Committed by Matt Caswell

Propagate tlsext_status_type from SSL_CTX to SSL



To allow OCSP stapling to work with libcurl.

Github PR #200

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
parent b04f9479
+3 −0
@@ -394,6 +394,9 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb)
# define SSL_CTX_set_tlsext_status_arg(ssl, arg) \
SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg)

#define SSL_CTX_set_tlsext_status_type(ssl, type) \
        SSL_CTX_ctrl(ssl, SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE, type, NULL)

# define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \
SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
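Review bot: The new `SSL_CTX_set_tlsext_status_type` macro is written `#define`, while the macros on either side of it use `# define` for the nested-preprocessor indent. It also has no comment saying which values `type` may take. I would write it as `# define SSL_CTX_set_tlsext_status_type(ssl, type) \` and add a comment such as `/* type: TLSEXT_STATUSTYPE_ocsp to request OCSP stapling, -1 for no status request */`. No getter for the context-level value is visible in this hunk, so an application cannot read back what it configured; say so in the docs if that is intended.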

+4 −0
@@ -3413,6 +3413,10 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
            return 1;
        }

    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
        ctx->tlsext_status_type = larg;
        break;

    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
        ctx->tlsext_status_arg = parg;
        return 1;
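Review bot: `ctx->tlsext_status_type = larg;` stores a `long` into the `int` field this commit adds to `ssl_ctx_st`, with no cast and no range check, so whatever the application passes is silently narrowed and then copied into every SSL created from the context. Only -1 and a defined status type are meaningful here, so consider rejecting other values, or at least make the narrowing explicit with `ctx->tlsext_status_type = (int)larg;`. The case also ends in `break;` where the neighbouring cases end in `return 1;`, so the macro's result depends on code after the switch, which is outside this hunk; `return 1;` would match the siblings. The body of ssl3_ctx_ctrl starts and ends outside the hunk.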
+3 −1
@@ -693,7 +693,7 @@ SSL *SSL_new(SSL_CTX *ctx)
    s->tlsext_debug_cb = 0;
    s->tlsext_debug_arg = NULL;
    s->tlsext_ticket_expected = 0;
    s->tlsext_status_type = -1;
    s->tlsext_status_type = ctx->tlsext_status_type;
    s->tlsext_status_expected = 0;
    s->tlsext_ocsp_ids = NULL;
    s->tlsext_ocsp_exts = NULL;
@@ -2502,6 +2502,8 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
     */
    ret->options |= SSL_OP_NO_COMPRESSION;

    ret->tlsext_status_type = -1;

    return ret;
 err:
    SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE);
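Review bot: In `SSL_new`, `s->tlsext_status_type = ctx->tlsext_status_type;` applies to every SSL made from the context, and nothing visible here limits the inheritance to client connections. If a server-side SSL starts with a status type already set, a handshake in which the peer sent no status_request extension might be handled as though stapling had been requested, unless the ClientHello extension parsing resets the field. That code is not on this page, so please confirm and add a test with a server context that has the type set. A short comment on the assignment saying that the value is the context default and stating which side it is meant for would record the intent. Separately, `ret->tlsext_status_type = -1;` in `SSL_CTX_new` repeats a bare -1 that deserves a named constant for "no status request". Both functions continue outside their hunks.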
+4 −0
@@ -953,6 +953,10 @@ struct ssl_ctx_st {
    size_t tlsext_ellipticcurvelist_length;
    unsigned char *tlsext_ellipticcurvelist;
#  endif                        /* OPENSSL_NO_EC */

    /* ext status type used for CSR extension (OCSP Stapling) */
    int tlsext_status_type;

    CRYPTO_RWLOCK *lock;
};
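Review bot: The comment on the new `tlsext_status_type` field abbreviates the extension as "CSR", which most readers will take to mean certificate signing request rather than certificate status request. It also does not say what the default value means or that the field is copied into each SSL. I would reword it along the lines of `/* status_request (OCSP stapling) type inherited by each new SSL; -1 means none */`. The struct begins outside this hunk.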