diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2011-05-09 15:44:01 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2011-05-09 15:44:01 +0000 |
commit | a2f9200fba20ae7c25531c2f2ce6f80610f257e2 (patch) | |
tree | 4fd0e58601a0e3027e9d8fca221e83caf2bbc513 /apps | |
parent | 0b59755f434eca1ed621974ae9f95663dcdcac35 (diff) |
Initial TLS v1.2 client support. Include a default supported signature
algorithms extension (including everything we support). Swicth to new
signature format where needed and relax ECC restrictions.
Not TLS v1.2 client certifcate support yet but client will handle case
where a certificate is requested and we don't have one.
Diffstat (limited to 'apps')
-rw-r--r-- | apps/s_client.c | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/apps/s_client.c b/apps/s_client.c index faf7f39c1d..2b8b1455eb 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -1103,6 +1103,9 @@ bad: SSL_CTX_set_psk_client_callback(ctx, psk_client_cb); } #endif + /* HACK while TLS v1.2 is disabled by default */ + if (!(off & SSL_OP_NO_TLSv1_2)) + SSL_CTX_clear_options(ctx, SSL_OP_NO_TLSv1_2); if (bugs) SSL_CTX_set_options(ctx,SSL_OP_ALL|off); else @@ -2011,6 +2014,18 @@ static void print_stuff(BIO *bio, SSL *s, int full) } #endif +#ifdef SSL_DEBUG + { + /* Print out local port of connection: useful for debugging */ + int sock; + struct sockaddr_in ladd; + socklen_t ladd_size = sizeof(ladd); + sock = SSL_get_fd(s); + getsockname(sock, (struct sockaddr *)&ladd, &ladd_size); + BIO_printf(bio_c_out, "LOCAL PORT is %u\n", ntohs(ladd.sin_port)); + } +#endif + SSL_SESSION_print(bio,SSL_get_session(s)); BIO_printf(bio,"---\n"); if (peer != NULL) |