From a2f9200fba20ae7c25531c2f2ce6f80610f257e2 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Mon, 9 May 2011 15:44:01 +0000
Subject: Initial TLS v1.2 client support. Include a default supported
 signature algorithms extension (including everything we support). Swicth to
 new signature format where needed and relax ECC restrictions.

Not TLS v1.2 client certifcate support yet but client will handle case
where a certificate is requested and we don't have one.
---
 apps/s_client.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

(limited to 'apps')

diff --git a/apps/s_client.c b/apps/s_client.c
index faf7f39c1d..2b8b1455eb 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -1103,6 +1103,9 @@ bad:
 		SSL_CTX_set_psk_client_callback(ctx, psk_client_cb);
 		}
 #endif
+	/* HACK while TLS v1.2 is disabled by default */
+	if (!(off & SSL_OP_NO_TLSv1_2))
+		SSL_CTX_clear_options(ctx, SSL_OP_NO_TLSv1_2);
 	if (bugs)
 		SSL_CTX_set_options(ctx,SSL_OP_ALL|off);
 	else
@@ -2011,6 +2014,18 @@ static void print_stuff(BIO *bio, SSL *s, int full)
 	}
 #endif
 
+#ifdef SSL_DEBUG
+	{
+	/* Print out local port of connection: useful for debugging */
+	int sock;
+	struct sockaddr_in ladd;
+	socklen_t ladd_size = sizeof(ladd);
+	sock = SSL_get_fd(s);
+	getsockname(sock, (struct sockaddr *)&ladd, &ladd_size);
+	BIO_printf(bio_c_out, "LOCAL PORT is %u\n", ntohs(ladd.sin_port));
+	}
+#endif
+
 	SSL_SESSION_print(bio,SSL_get_session(s));
 	BIO_printf(bio,"---\n");
 	if (peer != NULL)
-- 
cgit v1.2.3