Implement the Opaque PRF Input TLS extension

(draft-rescorla-tls-opaque-prf-input-00.txt), and do some cleanups and bugfixes on the way. In particular, this fixes the buffer bounds checks in ssl_add_clienthello_tlsext() and in ssl_add_serverhello_tlsext(). Note that the opaque PRF Input TLS extension is not compiled by default; see CHANGES.
author: Bodo Möller <bodo@openssl.org> 2007-09-21 06:54:24 +0000
committer: Bodo Möller <bodo@openssl.org> 2007-09-21 06:54:24 +0000
commit: 761772d7e19145fa9afb2a0c830ead69a33f3fa5 (patch)
tree: f6fbfed11e54a5286025bf235889cca1cb87d503 /apps/s_server.c
parent: 54ef01b54bd64fdf5820d3860f4c458a9c2fa4f0 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/apps/s_server.c b/apps/s_server.c
index 328fcaff73..0cfdf6afde 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -1575,6 +1575,11 @@ static int sv_body(char *hostname, int s, unsigned char *context)
 						 strlen((char *)context));
 	}
 	SSL_clear(con);
+#if 0
+#ifdef TLSEXT_TYPE_opaque_prf_input
+	SSL_set_tlsext_opaque_prf_input(con, "Test server", 1);
+#endif
+#endif
 
 	if (SSL_version(con) == DTLS1_VERSION)
 		{
author	Bodo Möller <bodo@openssl.org>	2007-09-21 06:54:24 +0000
committer	Bodo Möller <bodo@openssl.org>	2007-09-21 06:54:24 +0000
commit	761772d7e19145fa9afb2a0c830ead69a33f3fa5 (patch)
tree	f6fbfed11e54a5286025bf235889cca1cb87d503 /apps/s_server.c
parent	54ef01b54bd64fdf5820d3860f4c458a9c2fa4f0 (diff)