New option to enable/disable connection to unpatched servers

[openssl.git] / apps / s_client.c

diff --git a/apps/s_client.c b/apps/s_client.c
index a3db16dfb0775e87516cb49d6f4a12357ce04126..34ad2cec78e25879b7c48e56662a63173160439e 100644 (file)
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -382,7 +382,7 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
        {
-       int off=0;
+       unsigned int off=0, clr=0;
        SSL *con=NULL;
        int s,k,width,state=0;
        char *cbuf=NULL,*sbuf=NULL,*mbuf=NULL;
@@ -661,6 +661,10 @@ int MAIN(int argc, char **argv)
                        off|=SSL_OP_CIPHER_SERVER_PREFERENCE;
                else if (strcmp(*argv,"-legacy_renegotiation") == 0)
                        off|=SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
+               else if (strcmp(*argv,"-legacy_server_connect") == 0)
+                       { off|=SSL_OP_LEGACY_SERVER_CONNECT; }
+               else if (strcmp(*argv,"-no_legacy_server_connect") == 0)
+                       { clr|=SSL_OP_LEGACY_SERVER_CONNECT; }
                else if (strcmp(*argv,"-cipher") == 0)
                        {
                        if (--argc < 1) goto bad;
@@ -871,6 +875,9 @@ bad:
                SSL_CTX_set_options(ctx,SSL_OP_ALL|off);
        else
                SSL_CTX_set_options(ctx,off);
+
+       if (clr)
+               SSL_CTX_clear_options(ctx, clr);
        /* DTLS: partial reads end up discarding unread UDP bytes :-( 
         * Setting read ahead solves this problem.
         */