From: Dr. Stephen Henson
Date: Wed, 11 Nov 2009 14:10:24 +0000 (+0000)
Subject: commit missing apps code for reneg fix
X-Git-Tag: OpenSSL-fips-2_0-rc1~1449
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=2942dde56c397f4d6ea7c21787f068f34895ddd3;p=openssl

commit missing apps code for reneg fix
---
diff --git a/apps/s_cb.c b/apps/s_cb.c
index 78c8a5cc28..4d0975ab41 100644
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -338,6 +338,9 @@ void MS_CALLBACK apps_ssl_info_callback(const SSL *s, int where, int ret)
 }
 }
+ case TLSEXT_TYPE_renegotiate:
+ extname = "renegotiate";
+ break;
 void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)
 {
diff --git a/apps/s_client.c b/apps/s_client.c
index c97597d448..a4be63a114 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -343,6 +343,7 @@ static void sc_usage(void)
 BIO_printf(bio_err," -status - request certificate status from server\n");
 BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis session tickets\n");
 #endif
+ BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
 }
 #ifndef OPENSSL_NO_TLSEXT
@@ -658,6 +659,8 @@ int MAIN(int argc, char **argv)
 #endif
 else if (strcmp(*argv,"-serverpref") == 0)
 off|=SSL_OP_CIPHER_SERVER_PREFERENCE;
+ else if (strcmp(*argv,"-legacy_renegotiation") == 0)
+ off|=SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
 else if (strcmp(*argv,"-cipher") == 0)
 {
 if (--argc < 1) goto bad;
diff --git a/apps/s_server.c b/apps/s_server.c
index cd15c965d2..8a08a30695 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -491,6 +491,7 @@ static void sv_usage(void)
 BIO_printf(bio_err," not specified (default is %s)\n",TEST_CERT2);
 BIO_printf(bio_err," -tlsextdebug - hex dump of all TLS extensions received\n");
 BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis session tickets\n");
+ BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
 #endif
 }
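Review bot: In the apps/s_cb.c hunk the added `case TLSEXT_TYPE_renegotiate:` lines sit after the two closing braces shown under apps_ssl_info_callback and directly before the definition of msg_cb, so as far as the visible context shows they are at file scope rather than inside a switch. A `case` label outside a switch does not compile, and the `extname` assignment has no enclosing function at that position. The three lines presumably belong in the switch that maps extension types to names for the TLS extension debug output elsewhere in this file (not visible in the hunk); placing them next to the other `extname = ...` cases would let the renegotiation extension be reported by name under `-tlsextdebug`.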
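Review bot: In the apps/s_client.c MAIN hunk (and the matching apps/s_server.c MAIN hunk at -1014) the new `-legacy_renegotiation` branch sets `SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION` with no comment and, in the lines shown, no runtime notice, so the only indication that the session runs with the renegotiation protection relaxed is the word "dangerous" in the usage text. Since these tools are often driven from scripts where the usage text is never seen, I would brace the branch and add `BIO_printf(bio_err,"warning: unsafe legacy renegotiation enabled\n");` after the `off|=` line, plus a short comment such as `/* testing only: re-enables renegotiation the reneg fix would otherwise refuse */`. The exact library-side behaviour of the flag is not part of this diff, so the comment wording should be checked against the ssl/ change it accompanies. MAIN starts and ends outside both hunks.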
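Review bot: In the apps/s_server.c sv_usage hunk the `-legacy_renegotiation` usage line is added before `#endif`, so it is compiled out together with the `-tlsextdebug` and `-no_ticket` lines whenever that conditional is off, while the option parsing added to MAIN does not appear to be guarded in the lines shown. apps/s_client.c places the same usage line after its `#endif`. Moving the `BIO_printf(bio_err," -legacy_renegotiation ...")` line below the `#endif` would keep the help output in step with the options the binary actually accepts and match s_client. The opening `#if`/`#ifndef` of this block is outside the hunk, so which macro guards it cannot be confirmed from here.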
@@ -1014,6 +1015,8 @@ int MAIN(int argc, char *argv[])
 verify_return_error = 1;
 else if (strcmp(*argv,"-serverpref") == 0)
 { off|=SSL_OP_CIPHER_SERVER_PREFERENCE; }
+ else if (strcmp(*argv,"-legacy_renegotiation") == 0)
+ off|=SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
 else if (strcmp(*argv,"-cipher") == 0)
 {
 if (--argc < 1) goto bad;