Merge remote-tracking branch 'trevp/pempick' into OpenSSL_1_0_2-stable
commit
4f3b1b3eb9
3 changed files with 22 additions and 9 deletions
|
@ -20,14 +20,15 @@ A "serverinfo" extension is returned in response to an empty ClientHello
|
|||
Extension.
|
||||
|
||||
SSL_CTX_use_serverinfo_file() loads one or more serverinfo extensions from
|
||||
a byte array into B<ctx>. The extensions must be concatenated into a
|
||||
a byte array into B<ctx>. The extensions must be concatenated into a
|
||||
sequence of bytes. Each extension must consist of a 2-byte Extension Type,
|
||||
a 2-byte length, and then length bytes of extension_data.
|
||||
|
||||
SSL_CTX_use_serverinfo_file() loads one or more serverinfo extensions from
|
||||
B<file> into B<ctx>. The extensions must be in PEM format. Each extension
|
||||
B<file> into B<ctx>. The extensions must be in PEM format. Each extension
|
||||
must consist of a 2-byte Extension Type, a 2-byte length, and then length
|
||||
bytes of extension_data.
|
||||
bytes of extension_data. Each PEM extension name must begin with the phrase
|
||||
"BEGIN SERVERINFO FOR ".
|
||||
|
||||
=head1 NOTES
|
||||
|
||||
|
|
|
@ -1206,6 +1206,7 @@ int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file)
|
|||
long extension_length = 0;
|
||||
char* name = NULL;
|
||||
char* header = NULL;
|
||||
char namePrefix[] = "SERVERINFO FOR ";
|
||||
int ret = 0;
|
||||
BIO *bin = NULL;
|
||||
size_t num_extensions = 0;
|
||||
|
@ -1241,11 +1242,22 @@ int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file)
|
|||
else /* End of file, we're done */
|
||||
break;
|
||||
}
|
||||
/* Check that PEM name starts with "BEGIN SERVERINFO FOR " */
|
||||
if (strlen(name) < strlen(namePrefix))
|
||||
{
|
||||
SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_PEM_LIB);
|
||||
goto end;
|
||||
}
|
||||
if (strncmp(name, namePrefix, strlen(namePrefix)) != 0)
|
||||
{
|
||||
SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_PEM_LIB);
|
||||
goto end;
|
||||
}
|
||||
/* Check that the decoded PEM data is plausible (valid length field) */
|
||||
if (extension_length < 4 || (extension[2] << 8) + extension[3] != extension_length - 4)
|
||||
{
|
||||
SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_PEM_LIB);
|
||||
goto end;
|
||||
SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_PEM_LIB);
|
||||
goto end;
|
||||
}
|
||||
/* Append the decoded extension to the serverinfo buffer */
|
||||
serverinfo = OPENSSL_realloc(serverinfo, serverinfo_length + extension_length);
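Review bot: The length pre-check `if (strlen(name) < strlen(namePrefix))` in the second hunk is redundant, because `strncmp` stops at the terminating NUL and already reports a mismatch when `name` is shorter than the prefix. The two tests can be collapsed into `if (strncmp(name, namePrefix, sizeof(namePrefix) - 1) != 0)`, and `namePrefix` in the first hunk could be declared `static const char namePrefix[]` since nothing visible writes to it. All three rejection paths raise the same `ERR_R_PEM_LIB`, so an operator cannot tell a wrongly labelled PEM block from a bad length field; a distinct reason code for the name check would make a misconfigured serverinfo file easier to diagnose. The comment says "BEGIN SERVERINFO FOR " while the code compares against "SERVERINFO FOR "; presumably the PEM reader has already stripped "BEGIN ", which would be worth stating in the comment. The function body starts and ends outside these hunks, so whether the new `goto end` exits release `name`, `header` and `extension` cannot be confirmed from here.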
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
-----BEGIN SCT-----
|
||||
-----BEGIN SERVERINFO FOR CT-----
|
||||
ABIAZMevsj4TC5rgwjZNciLGwh15YXoIK9t5aypGJIG4QzyMowmwwDdqxudkUcGa
|
||||
DvuqlYL7psO5j4/BIHTe677CAZBBH3Ho2NOM5q1zub4AbfUMlKeufuQgeQ2Tj1oe
|
||||
LJLRzrwDnPs=
|
||||
-----END SCT-----
|
||||
-----END SERVERINFO FOR CT-----
|
||||
|
||||
-----BEGIN TACK EXTENSION-----
|
||||
-----BEGIN SERVERINFO FOR TACK-----
|
||||
8wABTwFMh1Dz+3W6zULWJKjav5TNaFEXL1h98YtCXeyZnORYg4mbKpxH5CMbjpgx
|
||||
To3amSqUPF4Ntjc/i9+poutxebYkbgAAAkMcxb8+RaM9YEywaJEGViKJJmpYG/gJ
|
||||
HgfGaefI9kKbXSDmP9ntg8dLvDzuyYw14ktM2850Q9WvBiltpekilZxVuT2bFtfs
|
||||
|
@ -13,4 +13,4 @@ ffGLQl3smZzkWIOJmyqcR+QjG46YMU6N2pkqlDxeDbY3P4vfqaLrcXm2JG4AAAGN
|
|||
xXQJPbdniI9rEydVXb1Cu1yT/t7FBEx6hLxuoypXjCI1wCGpXsd8zEnloR0Ank5h
|
||||
VO/874E/BZlItzSPpcmDKl5Def6BrAJTErQlE9npo52S05YWORxJw1+VYBdqQ09A
|
||||
x3wA
|
||||
-----END TACK EXTENSION-----
|
||||
-----END SERVERINFO FOR TACK-----
|
||||
|
|