author | Matt Caswell <matt@openssl.org> | 2018-08-13 15:23:27 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2018-08-20 15:14:01 +0100 |
commit | 32097b33bdff520d149ad6c8a11bd344e4ef764b (patch) | |
tree | c46929e459ee7c2688765c56afbf329f38a6edda /apps/s_client.c | |
parent | 756510c102885005c2fc31eb01e3a6b95f8ed985 (diff) |
Change Post Handshake auth so that it is opt-in
Having post handshake auth automatically switched on breaks some
applications written for TLSv1.2. This changes things so that an explicit
function call is required for a client to indicate support for
post-handshake auth.
Fixes #6933.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6938)
Diffstat (limited to 'apps/s_client.c')
-rw-r--r-- | apps/s_client.c | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/apps/s_client.c b/apps/s_client.c
index 8f9ad9ddcf..dcaa10cf44 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -595,7 +595,7 @@ typedef enum OPTION_choice {
 OPT_CT, OPT_NOCT, OPT_CTLOG_FILE,
 #endif
 OPT_DANE_TLSA_RRDATA, OPT_DANE_EE_NO_NAME,
- OPT_FORCE_PHA,
+ OPT_ENABLE_PHA,
 OPT_R_ENUM
 } OPTION_CHOICE;

@@ -786,7 +786,7 @@ const OPTIONS s_client_options[] = {
 #endif
 {"keylogfile", OPT_KEYLOG_FILE, '>', "Write TLS secrets to file"},
 {"early_data", OPT_EARLY_DATA, '<', "File to send as early data"},
- {"force_pha", OPT_FORCE_PHA, '-', "Force-enable post-handshake-authentication"},
+ {"enable_pha", OPT_ENABLE_PHA, '-', "Enable post-handshake-authentication"},
 {NULL, OPT_EOF, 0x00, NULL}
 };

@@ -975,7 +975,7 @@ int s_client_main(int argc, char **argv)
 int isdtls = 0;
 #endif
 char *psksessf = NULL;
- int force_pha = 0;
+ int enable_pha = 0;

 FD_ZERO(&readfds);
 FD_ZERO(&writefds);
@@ -1492,8 +1492,8 @@ int s_client_main(int argc, char **argv)
 case OPT_EARLY_DATA:
 early_data_file = opt_arg();
 break;
- case OPT_FORCE_PHA:
- force_pha = 1;
+ case OPT_ENABLE_PHA:
+ enable_pha = 1;
 break;
 }
 }
@@ -1944,8 +1944,8 @@ int s_client_main(int argc, char **argv)
 if (con == NULL)
 goto end;

- if (force_pha)
- SSL_force_post_handshake_auth(con);
+ if (enable_pha)
+ SSL_set_post_handshake_auth(con, 1);

 if (sess_in != NULL) {
 SSL_SESSION *sess;
|
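Review bot: The `if (enable_pha) SSL_set_post_handshake_auth(con, 1);` pair in the last hunk (@@ -1944) has no comment saying that the client now advertises post-handshake auth only on request, or that the call has to come before the handshake starts. I would add above the `if`: `/* PHA is opt-in: advertise support in the ClientHello only when -enable_pha was given */`. Post-handshake auth is a TLSv1.3 feature, so the option presumably has no effect when the user also caps the protocol below 1.3; if so, the `-enable_pha` help string in the @@ -786 hunk could say it. s_client_main starts and ends outside this hunk, so the rest of the connection setup is not visible here.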