diff options
author | Rich Salz <rsalz@akamai.com> | 2021-05-06 12:56:35 -0400 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2021-05-17 10:53:30 +0200 |
commit | 55373bfd419ca010a15aac18c88c94827e2f3a92 (patch) | |
tree | 803860f6eae08da5688ae7c4b68e195e52851a23 /apps/s_client.c | |
parent | d7970dd963134534340ad00fa62cb1180daf5cb0 (diff) |
Add SSL_OP_ALLOW_CLIENT_RENEGOTIATION
Add -client_renegotiation flag support. The -client_renegotiation flag is
equivalent to SSL_OP_ALLOW_CLIENT_RENEGOTIATION. Add support to the app,
the config code, and the documentation.
Add SSL_OP_ALLOW_CLIENT_RENEGOTIATION to the SSL tests. We don't need to
always enable it, but there are so many tests so this is the easiest thing
to do.
Add a test where client tries to renegotiate and it fails as expected. Add
a test where server tries to renegotiate and it succeeds. The second test
is supported by a new flag, -immediate_renegotiation, which is ignored on
the client.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15184)
Diffstat (limited to 'apps/s_client.c')
-rw-r--r-- | apps/s_client.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/apps/s_client.c b/apps/s_client.c index 1aa7a3b7de..1754d3e1a4 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -1047,6 +1047,9 @@ int s_client_main(int argc, char **argv) case OPT_BRIEF: c_brief = verify_args.quiet = c_quiet = 1; break; + case OPT_S_IMMEDIATE_RENEG: + /* Option ignored on client. */ + break; case OPT_S_CASES: if (ssl_args == NULL) ssl_args = sk_OPENSSL_STRING_new_null(); @@ -2673,7 +2676,6 @@ int s_client_main(int argc, char **argv) tty_on = 1; if (in_init) { in_init = 0; - if (c_brief) { BIO_puts(bio_err, "CONNECTION ESTABLISHED\n"); print_ssl_summary(con); |