mirror of https://github.com/openssl/openssl.git
403ba31a02
The SSL_set_SSL_CTX() function is used to switch SSL contexts for the given SSL object. If contexts differ, this includes updating a cert structure with custom extensions from the new context. This however overwrites connection custom extensions previously set on top of inherited from the old context. The fix is to preserve connection custom extensions using a newly introduced flag SSL_EXT_FLAG_CONN in custom_ext_copy_conn(). Similar to custom_ext_copy(), it is a no-op if there are no custom extensions to copy. The only such consumer is ossl_quic_tls_configure() used to set the "quic_transport_parameters" extension. Before this change, context switch resulted in transport parameters not being sent due to the missing extension. Initially reported at https://github.com/nginx/nginx/issues/711 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27706) |
||
|---|---|---|
| .. | ||
| quic | ||
| record | ||
| rio | ||
| statem | ||
| bio_ssl.c | ||
| build.info | ||
| d1_lib.c | ||
| d1_msg.c | ||
| d1_srtp.c | ||
| methods.c | ||
| pqueue.c | ||
| priority_queue.c | ||
| s3_enc.c | ||
| s3_lib.c | ||
| s3_msg.c | ||
| ssl_asn1.c | ||
| ssl_cert.c | ||
| ssl_cert_comp.c | ||
| ssl_cert_table.h | ||
| ssl_ciph.c | ||
| ssl_conf.c | ||
| ssl_err_legacy.c | ||
| ssl_init.c | ||
| ssl_lib.c | ||
| ssl_local.h | ||
| ssl_mcnf.c | ||
| ssl_rsa.c | ||
| ssl_rsa_legacy.c | ||
| ssl_sess.c | ||
| ssl_stat.c | ||
| ssl_txt.c | ||
| ssl_utst.c | ||
| t1_enc.c | ||
| t1_lib.c | ||
| t1_trce.c | ||
| tls13_enc.c | ||
| tls_depr.c | ||
| tls_srp.c | ||