summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorjsing <>2017-09-25 17:51:49 +0000
committerjsing <>2017-09-25 17:51:49 +0000
commit07931285f5ddfc85a89b75c784c029c72187c885 (patch)
treec9aaa8eb537e0f9da3aa41e8d500e8a45567a7fe /src
parent1cfdab61d8a917bffa62b6d4d7f7bd8d906b7cc0 (diff)
downloadopenbsd-07931285f5ddfc85a89b75c784c029c72187c885.tar.gz
openbsd-07931285f5ddfc85a89b75c784c029c72187c885.tar.bz2
openbsd-07931285f5ddfc85a89b75c784c029c72187c885.zip
When building the OCSP extension, only add the length prefixed extensions
after we finish building the responder ID list. Otherwise adding to the responder ID list fails. ok beck@
Diffstat (limited to '')
-rw-r--r--src/lib/libssl/ssl_tlsext.c12
1 files changed, 6 insertions, 6 deletions
diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c
index abc012d3af..8f6ff6554a 100644
--- a/src/lib/libssl/ssl_tlsext.c
+++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_tlsext.c,v 1.15 2017/08/30 16:44:37 jsing Exp $ */ 1/* $OpenBSD: ssl_tlsext.c,v 1.16 2017/09/25 17:51:49 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
4 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> 4 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -719,16 +719,14 @@ tlsext_ocsp_clienthello_needs(SSL *s)
719int 719int
720tlsext_ocsp_clienthello_build(SSL *s, CBB *cbb) 720tlsext_ocsp_clienthello_build(SSL *s, CBB *cbb)
721{ 721{
722 CBB ocsp_respid_list, respid, exts; 722 CBB respid_list, respid, exts;
723 unsigned char *ext_data; 723 unsigned char *ext_data;
724 size_t ext_len; 724 size_t ext_len;
725 int i; 725 int i;
726 726
727 if (!CBB_add_u8(cbb, TLSEXT_STATUSTYPE_ocsp)) 727 if (!CBB_add_u8(cbb, TLSEXT_STATUSTYPE_ocsp))
728 return 0; 728 return 0;
729 if (!CBB_add_u16_length_prefixed(cbb, &ocsp_respid_list)) 729 if (!CBB_add_u16_length_prefixed(cbb, &respid_list))
730 return 0;
731 if (!CBB_add_u16_length_prefixed(cbb, &exts))
732 return 0; 730 return 0;
733 for (i = 0; i < sk_OCSP_RESPID_num(s->internal->tlsext_ocsp_ids); i++) { 731 for (i = 0; i < sk_OCSP_RESPID_num(s->internal->tlsext_ocsp_ids); i++) {
734 unsigned char *respid_data; 732 unsigned char *respid_data;
@@ -740,13 +738,15 @@ tlsext_ocsp_clienthello_build(SSL *s, CBB *cbb)
740 return 0; 738 return 0;
741 if ((id_len = i2d_OCSP_RESPID(id, NULL)) == -1) 739 if ((id_len = i2d_OCSP_RESPID(id, NULL)) == -1)
742 return 0; 740 return 0;
743 if (!CBB_add_u16_length_prefixed(&ocsp_respid_list, &respid)) 741 if (!CBB_add_u16_length_prefixed(&respid_list, &respid))
744 return 0; 742 return 0;
745 if (!CBB_add_space(&respid, &respid_data, id_len)) 743 if (!CBB_add_space(&respid, &respid_data, id_len))
746 return 0; 744 return 0;
747 if ((i2d_OCSP_RESPID(id, &respid_data)) != id_len) 745 if ((i2d_OCSP_RESPID(id, &respid_data)) != id_len)
748 return 0; 746 return 0;
749 } 747 }
748 if (!CBB_add_u16_length_prefixed(cbb, &exts))
749 return 0;
750 if ((ext_len = i2d_X509_EXTENSIONS(s->internal->tlsext_ocsp_exts, 750 if ((ext_len = i2d_X509_EXTENSIONS(s->internal->tlsext_ocsp_exts,
751 NULL)) == -1) 751 NULL)) == -1)
752 return 0; 752 return 0;
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-22 20:47:02 +0000