From 32097b33bdff520d149ad6c8a11bd344e4ef764b Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Mon, 13 Aug 2018 15:23:27 +0100
Subject: Change Post Handshake auth so that it is opt-in

Having post handshake auth automatically switched on breaks some
applications written for TLSv1.2. This changes things so that an explicit
function call is required for a client to indicate support for
post-handshake auth.

Fixes #6933.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6938)
---
 test/handshake_helper.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'test/handshake_helper.c')

diff --git a/test/handshake_helper.c b/test/handshake_helper.c
index c40a0e7c92..a5b8d8007a 100644
--- a/test/handshake_helper.c
+++ b/test/handshake_helper.c
@@ -726,8 +726,8 @@ static void configure_handshake_ssl(SSL *server, SSL *client,
     if (extra->client.servername != SSL_TEST_SERVERNAME_NONE)
         SSL_set_tlsext_host_name(client,
                                  ssl_servername_name(extra->client.servername));
-    if (extra->client.force_pha)
-        SSL_force_post_handshake_auth(client);
+    if (extra->client.enable_pha)
+        SSL_set_post_handshake_auth(client, 1);
 }
 
 /* The status for each connection phase. */
-- 
cgit v1.2.3