authorDr. Stephen Henson <steve@openssl.org>2011-05-09 15:44:01 +0000
committerDr. Stephen Henson <steve@openssl.org>2011-05-09 15:44:01 +0000
commita2f9200fba20ae7c25531c2f2ce6f80610f257e2 (patch)
tree4fd0e58601a0e3027e9d8fca221e83caf2bbc513 /apps
parent0b59755f434eca1ed621974ae9f95663dcdcac35 (diff)
Initial TLS v1.2 client support. Include a default supported signature
algorithms extension (including everything we support). Switch to new signature format where needed and relax ECC restrictions. No TLS v1.2 client certificate support yet, but the client will handle the case where a certificate is requested and we don't have one.
Diffstat (limited to 'apps')
-rw-r--r--apps/s_client.c15
1 files changed, 15 insertions, 0 deletions
diff --git a/apps/s_client.c b/apps/s_client.c
index faf7f39c1d..2b8b1455eb 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -1103,6 +1103,9 @@ bad:
SSL_CTX_set_psk_client_callback(ctx, psk_client_cb);
}
#endif
+ /* HACK while TLS v1.2 is disabled by default */
+ if (!(off & SSL_OP_NO_TLSv1_2))
+ SSL_CTX_clear_options(ctx, SSL_OP_NO_TLSv1_2);
if (bugs)
SSL_CTX_set_options(ctx,SSL_OP_ALL|off);
else
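Review bot: The `/* HACK while TLS v1.2 is disabled by default */` comment above the added `SSL_CTX_clear_options` call does not say when the workaround should be removed or what it means for anyone using this tool to test a server. Going by that comment, the library default leaves TLS v1.2 off, so after this change s_client offers a protocol version that a default-configured client would not, unless `SSL_OP_NO_TLSv1_2` is already set in `off`. I would extend the comment to something like `/* HACK: TLS v1.2 is disabled by default in the library; enable it here unless the user turned it off. Remove once the default changes. */`. The enclosing function begins and ends outside this hunk.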
@@ -2011,6 +2014,18 @@ static void print_stuff(BIO *bio, SSL *s, int full)
}
#endif
+#ifdef SSL_DEBUG
+ {
+ /* Print out local port of connection: useful for debugging */
+ int sock;
+ struct sockaddr_in ladd;
+ socklen_t ladd_size = sizeof(ladd);
+ sock = SSL_get_fd(s);
+ getsockname(sock, (struct sockaddr *)&ladd, &ladd_size);
+ BIO_printf(bio_c_out, "LOCAL PORT is %u\n", ntohs(ladd.sin_port));
+ }
+#endif
+
SSL_SESSION_print(bio,SSL_get_session(s));
BIO_printf(bio,"---\n");
if (peer != NULL)
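Review bot: The return values of `SSL_get_fd` and `getsockname` are not checked in the added `SSL_DEBUG` block, so on failure `ladd` is never written and `BIO_printf` prints an indeterminate `sin_port` read from the stack. Guard the print, for example with `if (sock >= 0 && getsockname(sock, (struct sockaddr *)&ladd, &ladd_size) == 0)` in front of the `BIO_printf` line. The block also assumes an AF_INET socket without looking at `ladd.sin_family`, and it writes to `bio_c_out` while the surrounding lines of print_stuff write to the `bio` parameter; printing to `bio` would keep the debug line with the rest of the output. print_stuff begins and ends outside this hunk.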