authorDr. Stephen Henson <steve@openssl.org>2009-12-16 20:34:20 +0000
committerDr. Stephen Henson <steve@openssl.org>2009-12-16 20:34:20 +0000
commitccc3df8c33a3d48f56b8d3270bfbd4ae0a24736c (patch)
treea8061cf8ac3ec48f145ac90de3a0395ad13ff6bb /apps
parent593a6dbe1915f24e66ad1bd204fbb006f07a6a8b (diff)
New option to enable/disable connection to unpatched servers
Diffstat (limited to 'apps')
-rw-r--r--apps/s_client.c9
1 files changed, 8 insertions, 1 deletions
diff --git a/apps/s_client.c b/apps/s_client.c
index 86b5f6e45b..2f743f0a0a 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -287,7 +287,7 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
- int off=0;
+ int off=0, clr = 0;
SSL *con=NULL,*con2=NULL;
X509_STORE *store = NULL;
int s,k,width,state=0;
@@ -539,6 +539,10 @@ int MAIN(int argc, char **argv)
off|=SSL_OP_CIPHER_SERVER_PREFERENCE;
else if (strcmp(*argv,"-legacy_renegotiation") == 0)
off|=SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
+ else if (strcmp(*argv,"-legacy_server_connect") == 0)
+ { off|=SSL_OP_LEGACY_SERVER_CONNECT; }
+ else if (strcmp(*argv,"-no_legacy_server_connect") == 0)
+ { clr|=SSL_OP_LEGACY_SERVER_CONNECT; }
else if (strcmp(*argv,"-cipher") == 0)
{
if (--argc < 1) goto bad;
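Review bot: The new `-legacy_server_connect` and `-no_legacy_server_connect` branches have no matching help text as far as this page shows: the diffstat lists only these 8 insertions in apps/s_client.c, so the usage output appears untouched. Judging by the commit title and the neighbouring `-legacy_renegotiation` option, the flag decides whether the client will talk to a server that lacks the renegotiation fix, so a user should be able to find it and its safe counterpart from the help output, e.g. `BIO_printf(bio_err," -legacy_server_connect - allow connection to servers without secure renegotiation support\n");` plus a line for the `-no_` form. As a style point, the braces around the two single assignments differ from the unbraced `-legacy_renegotiation` branch directly above. The option-parsing chain starts and ends outside the hunk.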
@@ -713,6 +717,9 @@ bad:
SSL_CTX_set_options(ctx,SSL_OP_ALL|off);
else
SSL_CTX_set_options(ctx,off);
+
+ if (clr)
+ SSL_CTX_clear_options(ctx, clr);
/* DTLS: partial reads end up discarding unread UDP bytes :-(
* Setting read ahead solves this problem.
*/
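Review bot: The `SSL_CTX_clear_options(ctx, clr)` call runs after both `SSL_CTX_set_options` branches, so `-no_legacy_server_connect` overrides `-legacy_server_connect` regardless of their order on the command line, and it also strips the bit if the `SSL_OP_ALL` branch happens to include it. That is the safer precedence, but nothing in the code states it. A comment above the `if (clr)` would record the intent, for example `/* clear last: -no_* options override SSL_OP_ALL and any enabling flag */`. MAIN continues outside the hunk, so whether later code sets options on the SSL object again cannot be checked from here.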