feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #1190 from dgarske/fix_ocspstaplingenable

Browse Source 
Fix to not send OCSP stapling extensions in client_hello when not enabled
This commit is contained in:
toddouska
2017-10-20 12:16:56 -07:00
committed by GitHub
parent c5f80760a8 e904a38092
commit 39749ed5be
2 changed files with 18 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
src/tls.c
View File

@ -951,6 +951,7 @@ static INLINE word16 TLSX_ToSemaphore(word16 type)
(!(((semaphore)[(light) / 8] & (byte) (0x01 << ((light) % 8))))) (!(((semaphore)[(light) / 8] & (byte) (0x01 << ((light) % 8)))))
/** Turn on a specific light (tls extension) in the semaphore. */ /** Turn on a specific light (tls extension) in the semaphore. */
/* the semaphore marks the extensions already written to the message */
#define TURN_ON(semaphore, light) \ #define TURN_ON(semaphore, light) \
((semaphore)[(light) / 8] |= (byte) (0x01 << ((light) % 8))) ((semaphore)[(light) / 8] |= (byte) (0x01 << ((light) % 8)))
@ -7768,6 +7769,14 @@ word16 TLSX_GetRequestSize(WOLFSSL* ssl, byte msgType)
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_POST_HANDSHAKE_AUTH)); TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_POST_HANDSHAKE_AUTH));
#endif #endif
} }
#endif
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
if (!ssl->ctx->cm->ocspStaplingEnabled) {
/* mark already sent, so it won't send it */
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_STATUS_REQUEST));
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_STATUS_REQUEST_V2));
}
#endif #endif
} }
#ifdef WOLFSSL_TLS13 #ifdef WOLFSSL_TLS13
@ -7841,6 +7850,14 @@ word16 TLSX_WriteRequest(WOLFSSL* ssl, byte* output, byte msgType)
*/ */
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY)); TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY));
#endif #endif
#endif
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
/* mark already sent, so it won't send it */
if (!ssl->ctx->cm->ocspStaplingEnabled) {
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_STATUS_REQUEST));
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_STATUS_REQUEST_V2));
}
#endif #endif
} }
#ifdef WOLFSSL_TLS13 #ifdef WOLFSSL_TLS13

2
wolfssl/ssl.h
View File

@ -1047,7 +1047,7 @@ WOLFSSL_API void wolfSSL_ERR_dump_errors_fp(FILE* fp);
#define SSL_ERROR_NONE WOLFSSL_ERROR_NONE #define SSL_ERROR_NONE WOLFSSL_ERROR_NONE
#define SSL_FAILURE WOLFSSL_FAILURE #define SSL_FAILURE WOLFSSL_FAILURE
#define SSL_SUCCESS WOLFSSL_SUCCESS #define SSL_SUCCESS WOLFSSL_SUCCESS
#define SSL_SHUTDOWN_NOT_DONE WOLF_WOLFSSL_SHUTDOWN_NOT_DONE #define SSL_SHUTDOWN_NOT_DONE WOLFSSL_SHUTDOWN_NOT_DONE
#define SSL_ALPN_NOT_FOUND WOLFSSL_ALPN_NOT_FOUND #define SSL_ALPN_NOT_FOUND WOLFSSL_ALPN_NOT_FOUND
#define SSL_BAD_CERTTYPE WOLFSSL_BAD_CERTTYPE #define SSL_BAD_CERTTYPE WOLFSSL_BAD_CERTTYPE