diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 4d41b17fa0..65e3ba1824 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2556,7 +2556,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
 */
 ret->options |= SSL_OP_NO_COMPRESSION;
- ret->tlsext_status_type = -1;
+ ret->tlsext_status_type = TLSEXT_STATUSTYPE_nothing;
 return ret;
 err:
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index c18fec33a6..6b603dd5fb 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -1671,6 +1671,12 @@ typedef enum tlsext_index_en {
 TLSEXT_IDX_padding
 } TLSEXT_INDEX;
+/*
+ * Dummy status type for the status_type extension. Indicates no status type
+ * set
+ */
+#define TLSEXT_STATUSTYPE_nothing -1
+
 #define MAX_COMPRESSIONS_SIZE 255
 typedef struct {
diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
index 5c0dda411d..15a47e0b84 100644
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -764,7 +764,7 @@ static int init_session_ticket(SSL *s, unsigned int context)
 static int init_status_request(SSL *s, unsigned int context)
 {
 if (s->server)
- s->tlsext_status_type = -1;
+ s->tlsext_status_type = TLSEXT_STATUSTYPE_nothing;
 return 1;
 }
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
index 950f1990cc..71187f6656 100644
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -754,7 +754,8 @@ int tls_parse_stoc_status_request(SSL *s, PACKET *pkt, int *al)
 * MUST be empty and only sent if we've requested a status
 * request message.
 */
- if (s->tlsext_status_type == -1 || PACKET_remaining(pkt) > 0) {
+ if (s->tlsext_status_type == TLSEXT_STATUSTYPE_nothing
+ || PACKET_remaining(pkt) > 0) {
 *al = SSL_AD_UNSUPPORTED_EXTENSION;
 return 0;
 }
diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
index 1eeae096d6..bf569d280a 100644
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
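Review bot: The new `#define TLSEXT_STATUSTYPE_nothing -1` in ssl/ssl_locl.h leaves a negative replacement list unparenthesized; `#define TLSEXT_STATUSTYPE_nothing (-1)` is the conventional form (CERT C PRE02-C) and costs nothing. The comment above it would also help more if it said what the value means to the state machine, for example `Internal sentinel: no status type was requested, or the peer asked for a type we do not support.` The second half of that wording is taken from the tls_parse_ctos_status_request hunk, which stores this value for any type it does not recognise.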
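Review bot: In ssl/statem/extensions.c, init_status_request resets the field only under `if (s->server)`, and nothing explains why the client is skipped. The client value appears to have to survive extension initialisation, because tls_parse_stoc_status_request (the extensions_clnt.c hunk) tests `s->tlsext_status_type == TLSEXT_STATUSTYPE_nothing` to reject a status_request the client never asked for. A comment above the guard such as `/* Client keeps its configured type: it gates acceptance of the server's status_request */` would keep a later cleanup from making the reset unconditional and breaking that check.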
@@ -228,7 +228,7 @@ int tls_parse_ctos_status_request(SSL *s, PACKET *pkt, int *al)
 /*
 * We don't know what to do with any other type so ignore it.
 */
- s->tlsext_status_type = -1;
+ s->tlsext_status_type = TLSEXT_STATUSTYPE_nothing;
 return 1;
 }
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 7017615af3..18430ea315 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -2227,7 +2227,8 @@ int tls_process_initial_server_flight(SSL *s, int *al)
 * |tlsext_ocsp_resplen| values will be set if we actually received a status
 * message, or NULL and -1 otherwise
 */
- if (s->tlsext_status_type != -1 && s->ctx->tlsext_status_cb != NULL) {
+ if (s->tlsext_status_type != TLSEXT_STATUSTYPE_nothing
+ && s->ctx->tlsext_status_cb != NULL) {
 int ret;
 ret = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
 if (ret == 0) {
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 12d1670278..56f3998703 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -1704,7 +1704,7 @@ static int tls_handle_status_request(SSL *s, int *al)
 * and must be called after the cipher has been chosen because this may
 * influence which certificate is sent
 */
- if (s->tlsext_status_type != -1 && s->ctx != NULL
+ if (s->tlsext_status_type != TLSEXT_STATUSTYPE_nothing && s->ctx != NULL
 && s->ctx->tlsext_status_cb != NULL) {
 int ret;
 CERT_PKEY *certpkey = ssl_get_server_send_pkey(s);
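Review bot: The client-side condition in tls_process_initial_server_flight (ssl/statem/statem_clnt.c) dereferences `s->ctx->tlsext_status_cb` with no `s->ctx != NULL` test, while tls_handle_status_request in ssl/statem/statem_srvr.c keeps that test in the otherwise matching condition. The two should agree: either s->ctx cannot be NULL at this point and the server test is dead code, or it can and the client line should read `if (s->tlsext_status_type != TLSEXT_STATUSTYPE_nothing && s->ctx != NULL`. Both functions continue outside their hunks, so which case holds cannot be settled from this diff alone.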