authorJoel Sing <jsing@cvs.openbsd.org>2017-09-25 17:51:50 +0000
committerJoel Sing <jsing@cvs.openbsd.org>2017-09-25 17:51:50 +0000
commita4ac2c07c3a1a3ef4966464dcae97baec5f70411 (patch)
tree9fdc33e8b9607754b90d436bb5699e242e9147e0
parent78d7426579e1c2334399d88d7633c77ccd63a958 (diff)
When building the OCSP extension, only add the length prefixed extensions
after we finish building the responder ID list. Otherwise adding to the responder ID list fails. ok beck@
-rw-r--r--lib/libssl/ssl_tlsext.c12
1 files changed, 6 insertions, 6 deletions
diff --git a/lib/libssl/ssl_tlsext.c b/lib/libssl/ssl_tlsext.c
index abc012d3afc..8f6ff6554a9 100644
--- a/lib/libssl/ssl_tlsext.c
+++ b/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.15 2017/08/30 16:44:37 jsing Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.16 2017/09/25 17:51:49 jsing Exp $ */
/*
* Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -719,16 +719,14 @@ tlsext_ocsp_clienthello_needs(SSL *s)
int
tlsext_ocsp_clienthello_build(SSL *s, CBB *cbb)
{
- CBB ocsp_respid_list, respid, exts;
+ CBB respid_list, respid, exts;
unsigned char *ext_data;
size_t ext_len;
int i;
if (!CBB_add_u8(cbb, TLSEXT_STATUSTYPE_ocsp))
return 0;
- if (!CBB_add_u16_length_prefixed(cbb, &ocsp_respid_list))
- return 0;
- if (!CBB_add_u16_length_prefixed(cbb, &exts))
+ if (!CBB_add_u16_length_prefixed(cbb, &respid_list))
return 0;
for (i = 0; i < sk_OCSP_RESPID_num(s->internal->tlsext_ocsp_ids); i++) {
unsigned char *respid_data;
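Review bot: The ordering constraint this fix relies on is not documented at the `CBB_add_u16_length_prefixed(cbb, &respid_list)` call: `exts` must not be opened on `cbb` until the loop has finished writing into `respid_list`. A short comment there, such as `/* Finish respid_list before adding exts to cbb; only one child may be open at a time. */`, would keep a later edit from reintroducing the failure the commit message describes. The "one child at a time" wording is inferred from the commit message rather than visible in this hunk, so confirm it against the CBB implementation. The function body continues outside the hunk.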
@@ -740,13 +738,15 @@ tlsext_ocsp_clienthello_build(SSL *s, CBB *cbb)
return 0;
if ((id_len = i2d_OCSP_RESPID(id, NULL)) == -1)
return 0;
- if (!CBB_add_u16_length_prefixed(&ocsp_respid_list, &respid))
+ if (!CBB_add_u16_length_prefixed(&respid_list, &respid))
return 0;
if (!CBB_add_space(&respid, &respid_data, id_len))
return 0;
if ((i2d_OCSP_RESPID(id, &respid_data)) != id_len)
return 0;
}
+ if (!CBB_add_u16_length_prefixed(cbb, &exts))
+ return 0;
if ((ext_len = i2d_X509_EXTENSIONS(s->internal->tlsext_ocsp_exts,
NULL)) == -1)
return 0;
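Review bot: The error check on `i2d_X509_EXTENSIONS` catches only a return of exactly -1, because `ext_len` is a `size_t` (declared at the top of the function) and the int result is converted before the comparison. Any other negative result would be carried forward as a very large length. Holding the result in a new `int len` local and testing `< 0` is sturdier: `if ((len = i2d_X509_EXTENSIONS(s->internal->tlsext_ocsp_exts, NULL)) < 0) return 0;` followed by `ext_len = (size_t)len;`. The `id_len` check inside the loop uses the same `== -1` form, but its declaration is outside the hunk, so whether it needs the same treatment cannot be told from here. The function continues past the end of this hunk, where the length is presumably consumed.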