author | Bodo Möller <bodo@openssl.org> | 2007-09-21 06:54:24 +0000 |
---|---|---|
committer | Bodo Möller <bodo@openssl.org> | 2007-09-21 06:54:24 +0000 |
commit | 761772d7e19145fa9afb2a0c830ead69a33f3fa5 (patch) | |
tree | f6fbfed11e54a5286025bf235889cca1cb87d503 /apps | |
parent | 54ef01b54bd64fdf5820d3860f4c458a9c2fa4f0 (diff) |
Implement the Opaque PRF Input TLS extension
(draft-rescorla-tls-opaque-prf-input-00.txt), and do some cleanups and
bugfixes on the way. In particular, this fixes the buffer bounds
checks in ssl_add_clienthello_tlsext() and in ssl_add_serverhello_tlsext().
Note that the opaque PRF Input TLS extension is not compiled by default;
see CHANGES.
Diffstat (limited to 'apps')
-rw-r--r-- | apps/s_cb.c | 5 | ||||
-rw-r--r-- | apps/s_client.c | 7 | ||||
-rw-r--r-- | apps/s_server.c | 5 |
3 files changed, 17 insertions, 0 deletions
diff --git a/apps/s_cb.c b/apps/s_cb.c
index 0366cc8a40..dc50ff5d3f 100644
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -638,6 +638,11 @@ void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type,
 extname = "server ticket";
 break;
+#ifdef TLSEXT_TYPE_opaque_prf_input
+ case TLSEXT_TYPE_opaque_prf_input:
+ extname = "opaque PRF input";
+ break;
+#endif
 default:
 extname = "unknown";
diff --git a/apps/s_client.c b/apps/s_client.c
index 44c5356228..eae12871ab 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -859,6 +859,11 @@ bad:
 }
 #endif /* OPENSSL_NO_KRB5 */
 /* SSL_set_cipher_list(con,"RC4-MD5"); */
+#if 0
+#ifdef TLSEXT_TYPE_opaque_prf_input
+ SSL_set_tlsext_opaque_prf_input(con, "Test client", 1);
+#endif
+#endif
 re_start:
@@ -1073,12 +1078,14 @@ re_start:
 if (in_init)
 {
 in_init=0;
+#if 0 /* This test doesn't really work as intended (needs to be fixed) */
 #ifndef OPENSSL_NO_TLSEXT
 if (servername != NULL && !SSL_session_reused(con))
 {
 BIO_printf(bio_c_out,"Server did %sacknowledge servername extension.\n",tlsextcbp.ack?"":"not ");
 }
 #endif
+#endif
 if (sess_out)
 {
 BIO *stmp = BIO_new_file(sess_out, "w");
diff --git a/apps/s_server.c b/apps/s_server.c
index 328fcaff73..0cfdf6afde 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -1575,6 +1575,11 @@ static int sv_body(char *hostname, int s, unsigned char *context)
 strlen((char *)context));
 }
 SSL_clear(con);
+#if 0
+#ifdef TLSEXT_TYPE_opaque_prf_input
+ SSL_set_tlsext_opaque_prf_input(con, "Test server", 1);
+#endif
+#endif
 if (SSL_version(con) == DTLS1_VERSION)
 { |
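Review bot: The disabled call `SSL_set_tlsext_opaque_prf_input(con, "Test client", 1);` in the apps/s_client.c hunk at -859 passes a length of 1 next to an 11-character literal and drops the return value, so if the `#if 0` is ever flipped it would presumably install only the first byte as the PRF input. If the whole string is meant, `SSL_set_tlsext_opaque_prf_input(con, "Test client", sizeof("Test client") - 1);` says so; if a single byte is deliberate, a comment should record that. The block also gives no reason for being compiled out, so I would put a short comment above the `#if 0`, along the lines of `/* Example only: fixed opaque PRF input, left disabled on purpose */`. The same points apply to the matching `"Test server"` call in the apps/s_server.c hunk at -1575. The enclosing function starts and ends outside the hunk.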
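Review bot: The comment on the new `#if 0` in the apps/s_client.c hunk at -1073 says only that the test "doesn't really work as intended", which leaves the next maintainer without the failing case. I would extend it to name that case, e.g. `#if 0 /* Disabled: <state the case where the ack report is wrong>; needs to be fixed */`, with the cause filled in by the author. With the block compiled out, the client no longer prints whether the server acknowledged the servername extension, and `tlsextcbp.ack` appears to be left without a reader here, though the rest of the function is outside the hunk.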