Introduce TLSEXT_STATUSTYPE_nothing constant
The existing code used the magic number -1 to represent the absence of a status_type in the extension. This commit replaces it with a macro. Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich Salz Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
parent
d270de322c
commit
cbb0954471
7 changed files with 14 additions and 6 deletions
|
@ -2556,7 +2556,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
|
|||
*/
|
||||
ret->options |= SSL_OP_NO_COMPRESSION;
|
||||
|
||||
ret->tlsext_status_type = -1;
|
||||
ret->tlsext_status_type = TLSEXT_STATUSTYPE_nothing;
|
||||
|
||||
return ret;
|
||||
err:
|
||||
|
|
|
@ -1671,6 +1671,12 @@ typedef enum tlsext_index_en {
|
|||
TLSEXT_IDX_padding
|
||||
} TLSEXT_INDEX;
|
||||
|
||||
/*
|
||||
* Dummy status type for the status_type extension. Indicates no status type
|
||||
* set
|
||||
*/
|
||||
#define TLSEXT_STATUSTYPE_nothing -1
|
||||
|
||||
#define MAX_COMPRESSIONS_SIZE 255
|
||||
|
||||
typedef struct {
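Review bot: The replacement list of the new macro is a bare negative literal; it should be parenthesized so it expands safely in any expression, `#define TLSEXT_STATUSTYPE_nothing (-1)`. The comment above it should also state why -1 is a safe sentinel, for example `* set. Must stay outside 0..255 so it can never equal a status_type value parsed from the peer.` That range is presumably the one-byte wire encoding of status_type; this should be confirmed against the parser, since the checks in tls_parse_stoc_status_request, tls_process_initial_server_flight and tls_handle_status_request all rely on the sentinel never matching a received value. It is also worth confirming that no other literal -1 comparisons against tlsext_status_type remain outside the hunks shown here.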
|
||||
|
|
|
@ -764,7 +764,7 @@ static int init_session_ticket(SSL *s, unsigned int context)
|
|||
static int init_status_request(SSL *s, unsigned int context)
|
||||
{
|
||||
if (s->server)
|
||||
s->tlsext_status_type = -1;
|
||||
s->tlsext_status_type = TLSEXT_STATUSTYPE_nothing;
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
|
|
@ -754,7 +754,8 @@ int tls_parse_stoc_status_request(SSL *s, PACKET *pkt, int *al)
|
|||
* MUST be empty and only sent if we've requested a status
|
||||
* request message.
|
||||
*/
|
||||
if (s->tlsext_status_type == -1 || PACKET_remaining(pkt) > 0) {
|
||||
if (s->tlsext_status_type == TLSEXT_STATUSTYPE_nothing
|
||||
|| PACKET_remaining(pkt) > 0) {
|
||||
*al = SSL_AD_UNSUPPORTED_EXTENSION;
|
||||
return 0;
|
||||
}
|
||||
|
|
|
@ -228,7 +228,7 @@ int tls_parse_ctos_status_request(SSL *s, PACKET *pkt, int *al)
|
|||
/*
|
||||
* We don't know what to do with any other type so ignore it.
|
||||
*/
|
||||
s->tlsext_status_type = -1;
|
||||
s->tlsext_status_type = TLSEXT_STATUSTYPE_nothing;
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
|
|
@ -2227,7 +2227,8 @@ int tls_process_initial_server_flight(SSL *s, int *al)
|
|||
* |tlsext_ocsp_resplen| values will be set if we actually received a status
|
||||
* message, or NULL and -1 otherwise
|
||||
*/
|
||||
if (s->tlsext_status_type != -1 && s->ctx->tlsext_status_cb != NULL) {
|
||||
if (s->tlsext_status_type != TLSEXT_STATUSTYPE_nothing
|
||||
&& s->ctx->tlsext_status_cb != NULL) {
|
||||
int ret;
|
||||
ret = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
|
||||
if (ret == 0) {
|
||||
|
|
|
@ -1704,7 +1704,7 @@ static int tls_handle_status_request(SSL *s, int *al)
|
|||
* and must be called after the cipher has been chosen because this may
|
||||
* influence which certificate is sent
|
||||
*/
|
||||
if (s->tlsext_status_type != -1 && s->ctx != NULL
|
||||
if (s->tlsext_status_type != TLSEXT_STATUSTYPE_nothing && s->ctx != NULL
|
||||
&& s->ctx->tlsext_status_cb != NULL) {
|
||||
int ret;
|
||||
CERT_PKEY *certpkey = ssl_get_server_send_pkey(s);
|
||||
|
|