Add support for TLS 1.3 server to send certificate status

messages with oscp staples. ok jsing@ tb@
author: beck <> 2020-05-19 01:30:34 +0000
committer: beck <> 2020-05-19 01:30:34 +0000
commit: e91cca87b14fd6699247757d10bb6df50becf339 (patch)
tree: 8f5ae09863670d19a22fed1e3b31bc81cd7c0353 /src/lib/libssl/tls13_lib.c
parent: 9edf50111429d901037fd2347bcd0a14d7cad60b (diff)
download: openbsd-e91cca87b14fd6699247757d10bb6df50becf339.tar.gz
openbsd-e91cca87b14fd6699247757d10bb6df50becf339.tar.bz2
openbsd-e91cca87b14fd6699247757d10bb6df50becf339.zip
1 files changed, 6 insertions, 6 deletions
diff --git a/src/lib/libssl/tls13_lib.c b/src/lib/libssl/tls13_lib.c
index 3527539095..60b4a389b7 100644
--- a/src/lib/libssl/tls13_lib.c
+++ b/src/lib/libssl/tls13_lib.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: tls13_lib.c,v 1.45 2020/05/17 19:07:15 beck Exp $ */
+/*      $OpenBSD: tls13_lib.c,v 1.46 2020/05/19 01:30:34 beck Exp $ */
 /*
 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2019 Bob Beck <beck@openbsd.org>
@@ -21,6 +21,7 @@
 #include <openssl/evp.h>
 #include "ssl_locl.h"
+#include "ssl_tlsext.h"
 #include "tls13_internal.h"
 /*
@@ -410,9 +411,10 @@ tls13_ctx_free(struct tls13_ctx *ctx)
 }
 int
-tls13_cert_add(CBB *cbb, X509 *cert)
+tls13_cert_add(struct tls13_ctx *ctx, CBB *cbb, X509 *cert,
+    int(*build_extensions)(SSL *s, CBB *cbb, uint16_t msg_type))
 {
-        CBB cert_data, cert_exts;
+        CBB cert_data;
        uint8_t *data;
        int cert_len;
@@ -425,10 +427,8 @@ tls13_cert_add(CBB *cbb, X509 *cert)
                return 0;
        if (i2d_X509(cert, &data) != cert_len)
                return 0;
+        if (!build_extensions(ctx->ssl, cbb, SSL_TLSEXT_MSG_CT))
-        if (!CBB_add_u16_length_prefixed(cbb, &cert_exts))
                return 0;
        if (!CBB_flush(cbb))
                return 0;
author	beck <>	2020-05-19 01:30:34 +0000
committer	beck <>	2020-05-19 01:30:34 +0000
commit	e91cca87b14fd6699247757d10bb6df50becf339 (patch)
tree	8f5ae09863670d19a22fed1e3b31bc81cd7c0353 /src/lib/libssl/tls13_lib.c
parent	9edf50111429d901037fd2347bcd0a14d7cad60b (diff)
download	openbsd-e91cca87b14fd6699247757d10bb6df50becf339.tar.gz openbsd-e91cca87b14fd6699247757d10bb6df50becf339.tar.bz2 openbsd-e91cca87b14fd6699247757d10bb6df50becf339.zip

diff --git a/src/lib/libssl/tls13_lib.c b/src/lib/libssl/tls13_lib.c index 3527539095..60b4a389b7 100644 --- a/src/lib/libssl/tls13_lib.c +++ b/src/lib/libssl/tls13_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls13_lib.c,v 1.45 2020/05/17 19:07:15 beck Exp $ */	1	/* $OpenBSD: tls13_lib.c,v 1.46 2020/05/19 01:30:34 beck Exp $ */
2	/*	2	/*
3	* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
4	* Copyright (c) 2019 Bob Beck <beck@openbsd.org>	4	* Copyright (c) 2019 Bob Beck <beck@openbsd.org>
@@ -21,6 +21,7 @@
21	#include <openssl/evp.h>	21	#include <openssl/evp.h>
22		22
23	#include "ssl_locl.h"	23	#include "ssl_locl.h"
		24	#include "ssl_tlsext.h"
24	#include "tls13_internal.h"	25	#include "tls13_internal.h"
25		26
26	/*	27	/*
@@ -410,9 +411,10 @@ tls13_ctx_free(struct tls13_ctx *ctx)
410	}	411	}
411		412
412	int	413	int
413	tls13_cert_add(CBB cbb, X509 cert)	414	tls13_cert_add(struct tls13_ctx ctx, CBB cbb, X509 *cert,
		415	int(build_extensions)(SSL s, CBB *cbb, uint16_t msg_type))
414	{	416	{
415	CBB cert_data, cert_exts;	417	CBB cert_data;
416	uint8_t *data;	418	uint8_t *data;
417	int cert_len;	419	int cert_len;
418		420
@@ -425,10 +427,8 @@ tls13_cert_add(CBB cbb, X509 cert)
425	return 0;	427	return 0;
426	if (i2d_X509(cert, &data) != cert_len)	428	if (i2d_X509(cert, &data) != cert_len)
427	return 0;	429	return 0;
428		430	if (!build_extensions(ctx->ssl, cbb, SSL_TLSEXT_MSG_CT))
429	if (!CBB_add_u16_length_prefixed(cbb, &cert_exts))
430	return 0;	431	return 0;
431
432	if (!CBB_flush(cbb))	432	if (!CBB_flush(cbb))
433	return 0;	433	return 0;
434		434