Add server-side support for Signed Certificate Timestamps.
Change-Id: Ifa44fef160fc9d67771eed165f8fc277f28a0222
Reviewed-on: https://boringssl-review.googlesource.com/5840
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 40b9752..36793f7 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1545,13 +1545,20 @@
static int ext_sct_parse_clienthello(SSL *ssl, uint8_t *out_alert,
CBS *contents) {
- /* The SCT extension is not supported as a server. */
- return 1;
+ return contents == NULL || CBS_len(contents) == 0;
}
static int ext_sct_add_serverhello(SSL *ssl, CBB *out) {
- /* The SCT extension is not supported as a server. */
- return 1;
+ if (ssl->ctx->signed_cert_timestamp_list_length == 0) {
+ return 1;
+ }
+
+ CBB contents;
+ return CBB_add_u16(out, TLSEXT_TYPE_certificate_timestamp) &&
+ CBB_add_u16_length_prefixed(out, &contents) &&
+ CBB_add_bytes(&contents, ssl->ctx->signed_cert_timestamp_list,
+ ssl->ctx->signed_cert_timestamp_list_length) &&
+ CBB_flush(out);
}
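Review bot: ext_sct_add_serverhello emits the configured SCT list whenever it is non-empty, with no check that this handshake actually sends a certificate; on a resumed session no Certificate message follows, so the SCTs would be sent without the certificate they are meant to accompany, unless the extension framework outside this hunk already suppresses ServerHello extensions on resumption. A guard at the top of the function, `if (<resumption flag> || ssl->ctx->signed_cert_timestamp_list_length == 0) { return 1; }`, keeps the extension tied to a full handshake (the flag name is a placeholder for whatever field the handshake state uses). In ext_sct_parse_clienthello the 0 returned for non-empty contents relies on the caller's default value of out_alert, which is not visible here and is worth confirming. A one-line comment on the new return, `/* RFC 6962: the client's extension body must be empty; reject anything else. */`, would also replace the explanatory comment the hunk removed.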