
I've been trying to get custom client extensions on client hello but I don't know how to issue a method like get_custom_ext or similar.

Firstly we add the extension on the client side with SSL_CTX_set_custom_cli_ext

int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
                                  custom_ext_add_cb add_cb,
                                  custom_ext_free_cb free_cb, void *add_arg,
                                  custom_ext_parse_cb parse_cb,
                                  void *parse_arg);

Now the client adds one extension on every client hello, but how could the server get the custom added extension properly?

Mzdp

1 Answer

It looks like you can register the same custom extension on the server, and use whether or not the add_cb callback is called to detect whether the client proposed the extension.

For the ServerHello and EncryptedExtension messages every registered add_cb is called once if and only if the requirements of the specified context are met and the corresponding extension was received in the ClientHello. That is, if no corresponding extension was received in the ClientHello then add_cb will not be called. (https://www.openssl.org/docs/manmaster/man3/SSL_CTX_add_server_custom_ext.html#EXTENSION-CALLBACKS)

I.e., do the corresponding

int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
                                  custom_ext_add_cb add_cb,
                                  custom_ext_free_cb free_cb, void *add_arg,
                                  custom_ext_parse_cb parse_cb,
                                  void *parse_arg);

and let your add_cb call-back mark the context (or other data structure) to indicate that this connection used the custom extension.

lockcmpxchg8b
  • I'm looking to implement the correct cycle to use callbacks, but it looks like it is possible that way. – Mzdp Nov 21 '17 at 08:50