From 0286c965db48149ae18c03e50dcc7965dfa5887e Mon Sep 17 00:00:00 2001
From: beck <>
Date: Tue, 19 May 2020 01:30:34 +0000
Subject: Add support for TLS 1.3 server to send certificate status messages
 with oscp staples.

ok jsing@ tb@
---
 src/lib/libssl/tls13_lib.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

(limited to 'src/lib/libssl/tls13_lib.c')

diff --git a/src/lib/libssl/tls13_lib.c b/src/lib/libssl/tls13_lib.c
index 3527539095..60b4a389b7 100644
--- a/src/lib/libssl/tls13_lib.c
+++ b/src/lib/libssl/tls13_lib.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: tls13_lib.c,v 1.45 2020/05/17 19:07:15 beck Exp $ */
+/*	$OpenBSD: tls13_lib.c,v 1.46 2020/05/19 01:30:34 beck Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2019 Bob Beck <beck@openbsd.org>
@@ -21,6 +21,7 @@
 #include <openssl/evp.h>
 
 #include "ssl_locl.h"
+#include "ssl_tlsext.h"
 #include "tls13_internal.h"
 
 /*
@@ -410,9 +411,10 @@ tls13_ctx_free(struct tls13_ctx *ctx)
 }
 
 int
-tls13_cert_add(CBB *cbb, X509 *cert)
+tls13_cert_add(struct tls13_ctx *ctx, CBB *cbb, X509 *cert,
+    int(*build_extensions)(SSL *s, CBB *cbb, uint16_t msg_type))
 {
-	CBB cert_data, cert_exts;
+	CBB cert_data;
 	uint8_t *data;
 	int cert_len;
 
@@ -425,10 +427,8 @@ tls13_cert_add(CBB *cbb, X509 *cert)
 		return 0;
 	if (i2d_X509(cert, &data) != cert_len)
 		return 0;
-
-	if (!CBB_add_u16_length_prefixed(cbb, &cert_exts))
+	if (!build_extensions(ctx->ssl, cbb, SSL_TLSEXT_MSG_CT))
 		return 0;
-
 	if (!CBB_flush(cbb))
 		return 0;
 
-- 
cgit v1.2.3-55-g6feb