New option to enable/disable connection to unpatched servers

diff --git a/CHANGES b/CHANGES
index 6af764c61115da54dcbccb54bce1da6f398c5f1b..5c8544afda5eb53972c2f56eb029dea912422ac6 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,11 @@
 
  Changes between 0.9.8l (?) and 0.9.8m (?)  [xx XXX xxxx]
 
+  *) Add option SSL_OP_LEGACY_SERVER_CONNECT which will allow clients to
+     connect (but not renegotiate) with servers which do not support RI.
+     Until RI is more widely deployed this option is enabled by default.
+     [Steve Henson]
+
   *) Add "missing" ssl ctrls to clear options and mode.
      [Steve Henson]
 

diff --git a/apps/s_client.c b/apps/s_client.c
index 86b5f6e45b22a1e2384ae9a6ccfeceac81024276..2f743f0a0af3f2235e41668f99d4c840bf193885 100644 (file)
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -287,7 +287,7 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
        {
-       int off=0;
+       int off=0, clr = 0;
        SSL *con=NULL,*con2=NULL;
        X509_STORE *store = NULL;
        int s,k,width,state=0;
@@ -539,6 +539,10 @@ int MAIN(int argc, char **argv)
                        off|=SSL_OP_CIPHER_SERVER_PREFERENCE;
                else if (strcmp(*argv,"-legacy_renegotiation") == 0)
                        off|=SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
+               else if (strcmp(*argv,"-legacy_server_connect") == 0)
+                       { off|=SSL_OP_LEGACY_SERVER_CONNECT; }
+               else if (strcmp(*argv,"-no_legacy_server_connect") == 0)
+                       { clr|=SSL_OP_LEGACY_SERVER_CONNECT; }
                else if (strcmp(*argv,"-cipher") == 0)
                        {
                        if (--argc < 1) goto bad;
@@ -713,6 +717,9 @@ bad:
                SSL_CTX_set_options(ctx,SSL_OP_ALL|off);
        else
                SSL_CTX_set_options(ctx,off);
+
+       if (clr)
+               SSL_CTX_clear_options(ctx, clr);
        /* DTLS: partial reads end up discarding unread UDP bytes :-( 
         * Setting read ahead solves this problem.
         */

diff --git a/ssl/ssl.h b/ssl/ssl.h
index 5f8bc538b7db90b7aa119923eccdc60292d6b6c4..057083faad441a9b957c8206001dd0ac8fc42463 100644 (file)
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -485,6 +485,8 @@ typedef struct ssl_session_st
 
 #define SSL_OP_MICROSOFT_SESS_ID_BUG                   0x00000001L
 #define SSL_OP_NETSCAPE_CHALLENGE_BUG                  0x00000002L
+/* Allow initial connection to servers that don't support RI */
+#define SSL_OP_LEGACY_SERVER_CONNECT                   0x00000004L
 #define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG                0x00000008L
 #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG             0x00000010L
 #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER              0x00000020L

diff --git a/ssl/ssl3.h b/ssl/ssl3.h
index d8e055e92d43d6d6c8f970e269c356985854eed2..7ad803833ddffce7a44f9d9bb1e7fab4ad485ac8 100644 (file)
--- a/ssl/ssl3.h
+++ b/ssl/ssl3.h
@@ -130,7 +130,9 @@ extern "C" {
 #endif
 
 /* Magic Cipher Suite Value. NB: bogus value used for testing */
+#ifndef SSL3_CK_MCSV
 #define SSL3_CK_MCSV                           0x03000FEC
+#endif
 
 #define SSL3_CK_RSA_NULL_MD5                   0x03000001
 #define SSL3_CK_RSA_NULL_SHA                   0x03000002

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index c5eafe4524488ade0a9d15596478adac78ed57d0..31f76abd1a3004d4de7992faaecbe18fe2b79e29 100644 (file)
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1591,6 +1591,10 @@ SSL_CTX *SSL_CTX_new(SSL_METHOD *meth)
        }
 #endif
 #endif
+       /* Default is to connect to non-RI servers. When RI is more widely
+        * deployed might change this.
+        */
+       ret->options = SSL_OP_LEGACY_SERVER_CONNECT;
 
        return(ret);
 err:

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 82c6f903b22695309e555f1b5377e40ace22ce04..07a3900c7fd2c4725ea92444c86632bd87ebfe91 100644 (file)
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -705,8 +705,9 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
         * which doesn't support RI so for the immediate future tolerate RI
         * absence on initial connect only.
         */
-       if (!renegotiate_seen && s->new_session &&
-               !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
+       if (!renegotiate_seen && 
+               (s->new_session || !(s->options & SSL_OP_LEGACY_SERVER_CONNECT))
+               && !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
                {
                /* FIXME: Spec currently doesn't give alert to use */
                *al = SSL_AD_ILLEGAL_PARAMETER;