Fix to not send OCSP stapling extensions in client_hello when not enabled. Fix for typo in WOLFSSL_SHUTDOWN_NOT_DONE.

2017-10-19 11:18:34 -07:00 · 2017-10-19 11:18:34 -07:00 · e904a38092
commit e904a38092
parent 06f564dea3
2 changed files with 18 additions and 1 deletions
--- a/src/tls.c
+++ b/src/tls.c
@ -951,6 +951,7 @@ static INLINE word16 TLSX_ToSemaphore(word16 type)
    (!(((semaphore)[(light) / 8] &  (byte) (0x01 << ((light) % 8)))))

 /** Turn on a specific light (tls extension) in the semaphore. */
+/* the semaphore marks the extensions already written to the message */
 #define TURN_ON(semaphore, light) \
    ((semaphore)[(light) / 8] |= (byte) (0x01 << ((light) % 8)))

@ -7769,6 +7770,14 @@ word16 TLSX_GetRequestSize(WOLFSSL* ssl, byte msgType)
    #endif
        }
 #endif
+    #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
+     || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
+        if (!ssl->ctx->cm->ocspStaplingEnabled) {
+            /* mark already sent, so it won't send it */
+            TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_STATUS_REQUEST));
+            TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_STATUS_REQUEST_V2));
+        }
+    #endif
    }
 #ifdef WOLFSSL_TLS13
    #ifndef NO_CERTS
@ -7842,6 +7851,14 @@ word16 TLSX_WriteRequest(WOLFSSL* ssl, byte* output, byte msgType)
        TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY));
    #endif
 #endif
+    #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
+     || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
+         /* mark already sent, so it won't send it */
+        if (!ssl->ctx->cm->ocspStaplingEnabled) {
+            TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_STATUS_REQUEST));
+            TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_STATUS_REQUEST_V2));
+        }
+    #endif
    }
 #ifdef WOLFSSL_TLS13
    #ifndef NO_CERT
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@ -1047,7 +1047,7 @@ WOLFSSL_API void wolfSSL_ERR_dump_errors_fp(FILE* fp);
    #define SSL_ERROR_NONE WOLFSSL_ERROR_NONE
    #define SSL_FAILURE WOLFSSL_FAILURE
    #define SSL_SUCCESS WOLFSSL_SUCCESS
-    #define SSL_SHUTDOWN_NOT_DONE WOLF_WOLFSSL_SHUTDOWN_NOT_DONE
+    #define SSL_SHUTDOWN_NOT_DONE WOLFSSL_SHUTDOWN_NOT_DONE

    #define SSL_ALPN_NOT_FOUND WOLFSSL_ALPN_NOT_FOUND
    #define SSL_BAD_CERTTYPE WOLFSSL_BAD_CERTTYPE