Implement the Opaque PRF Input TLS extension

(draft-rescorla-tls-opaque-prf-input-00.txt), and do some cleanups and bugfixes on the way. In particular, this fixes the buffer bounds checks in ssl_add_clienthello_tlsext() and in ssl_add_serverhello_tlsext(). Note that the opaque PRF Input TLS extension is not compiled by default; see CHANGES.
author: Bodo Möller <bodo@openssl.org> 2007-09-21 06:54:24 +0000
committer: Bodo Möller <bodo@openssl.org> 2007-09-21 06:54:24 +0000
commit: 761772d7e19145fa9afb2a0c830ead69a33f3fa5 (patch)
tree: f6fbfed11e54a5286025bf235889cca1cb87d503 /apps/s_client.c
parent: 54ef01b54bd64fdf5820d3860f4c458a9c2fa4f0 (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/apps/s_client.c b/apps/s_client.c
index 44c5356228..eae12871ab 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -859,6 +859,11 @@ bad:
 		}
 #endif	/* OPENSSL_NO_KRB5  */
 /*	SSL_set_cipher_list(con,"RC4-MD5"); */
+#if 0
+#ifdef TLSEXT_TYPE_opaque_prf_input
+	SSL_set_tlsext_opaque_prf_input(con, "Test client", 1);
+#endif
+#endif
 
 re_start:
 
@@ -1073,12 +1078,14 @@ re_start:
 			if (in_init)
 				{
 				in_init=0;
+#if 0 /* This test doesn't really work as intended (needs to be fixed) */
 #ifndef OPENSSL_NO_TLSEXT
 				if (servername != NULL && !SSL_session_reused(con))
 					{
 					BIO_printf(bio_c_out,"Server did %sacknowledge servername extension.\n",tlsextcbp.ack?"":"not ");
 					}
 #endif
+#endif
 				if (sess_out)
 					{
 					BIO *stmp = BIO_new_file(sess_out, "w");
author	Bodo Möller <bodo@openssl.org>	2007-09-21 06:54:24 +0000
committer	Bodo Möller <bodo@openssl.org>	2007-09-21 06:54:24 +0000
commit	761772d7e19145fa9afb2a0c830ead69a33f3fa5 (patch)
tree	f6fbfed11e54a5286025bf235889cca1cb87d503 /apps/s_client.c
parent	54ef01b54bd64fdf5820d3860f4c458a9c2fa4f0 (diff)