X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=apps%2Fs_client.c;h=e4281c612460ba51957639e2445db0e008d17f4b;hp=e4007c290575ea9191fa111defb5f7ac6f71d00e;hb=764b6a3551919e3e98b5048891688c4a615291d7;hpb=33f653adf3bff5b0795e22de1f54b7c5472252d0
diff --git a/apps/s_client.c b/apps/s_client.c
index e4007c2905..e4281c6124 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -336,11 +336,14 @@ static void sc_usage(void)
 BIO_printf(bio_err," -srp_strength int - minimal mength in bits for N (default %d).\n",SRP_MINIMAL_N);
 #endif
 BIO_printf(bio_err," -ssl2 - just use SSLv2\n");
+#ifndef OPENSSL_NO_SSL3_METHOD
 BIO_printf(bio_err," -ssl3 - just use SSLv3\n");
+#endif
 BIO_printf(bio_err," -tls1_2 - just use TLSv1.2\n");
 BIO_printf(bio_err," -tls1_1 - just use TLSv1.1\n");
 BIO_printf(bio_err," -tls1 - just use TLSv1\n");
 BIO_printf(bio_err," -dtls1 - just use DTLSv1\n");
+ BIO_printf(bio_err," -fallback_scsv - send TLS_FALLBACK_SCSV\n");
 BIO_printf(bio_err," -mtu - set the link layer MTU\n");
 BIO_printf(bio_err," -no_tls1_2/-no_tls1_1/-no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n");
 BIO_printf(bio_err," -bugs - Switch on all SSL implementation bug workarounds\n");
@@ -547,9 +550,9 @@ static int next_proto_cb(SSL *s, unsigned char **out, unsigned char *outlen, con
 }
 # endif /* ndef OPENSSL_NO_NEXTPROTONEG */
-static int serverinfo_cli_cb(SSL* s, unsigned int ext_type,
- const unsigned char* in, size_t inlen,
- int* al, void* arg)
+static int serverinfo_cli_parse_cb(SSL* s, unsigned int ext_type,
+ const unsigned char* in, size_t inlen,
+ int* al, void* arg)
 {
 char pem_name[100];
 unsigned char ext_buf[4 + 65536];
@@ -650,6 +653,7 @@ int MAIN(int argc, char **argv)
 char *sess_out = NULL;
 struct sockaddr peer;
 int peerlen = sizeof(peer);
+ int fallback_scsv = 0;
 int enable_timeouts = 0 ;
 long socket_mtu = 0;
 #ifndef OPENSSL_NO_JPAKE
@@ -912,7 +916,7 @@ static char *jpake_secret = NULL;
 else if (strcmp(*argv,"-ssl2") == 0)
 meth=SSLv2_client_method();
 #endif
-#ifndef OPENSSL_NO_SSL3
+#ifndef OPENSSL_NO_SSL3_METHOD
 else if (strcmp(*argv,"-ssl3") == 0)
 meth=SSLv3_client_method();
 #endif
@@ -948,6 +952,10 @@ static char *jpake_secret = NULL;
 socket_mtu = atol(*(++argv));
 }
 #endif
+ else if (strcmp(*argv,"-fallback_scsv") == 0)
+ {
+ fallback_scsv = 1;
+ }
 else if (strcmp(*argv,"-keyform") == 0)
 {
 if (--argc < 1) goto bad;
@@ -1357,16 +1365,13 @@ bad:
 }
 #endif
 #ifndef OPENSSL_NO_TLSEXT
- if (serverinfo_types_count)
+ for (i = 0; i < serverinfo_types_count; i++)
 {
- for (i = 0; i < serverinfo_types_count; i++)
- {
- SSL_CTX_set_custom_cli_ext(ctx,
- serverinfo_types[i],
- NULL, NULL, NULL,
- serverinfo_cli_cb,
- NULL);
- }
+ SSL_CTX_add_client_custom_ext(ctx,
+ serverinfo_types[i],
+ NULL, NULL, NULL,
+ serverinfo_cli_parse_cb,
+ NULL);
 }
 #endif
@@ -1442,6 +1447,10 @@ bad:
 SSL_set_session(con, sess);
 SSL_SESSION_free(sess);
 }
+
+ if (fallback_scsv)
+ SSL_set_mode(con, SSL_MODE_SEND_FALLBACK_SCSV);
+
 #ifndef OPENSSL_NO_TLSEXT
 if (servername != NULL)
 {
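Review bot: The result of `SSL_CTX_add_client_custom_ext()` is discarded in the rewritten loop of the `-1357,16 +1365,13` hunk, so a registration the library refuses passes silently and the handshake proceeds without `serverinfo_cli_parse_cb` for that type. The function returns an int status (0 on failure, as far as I know), so the call can be wrapped as `if (!SSL_CTX_add_client_custom_ext(ctx, serverinfo_types[i], NULL, NULL, NULL, serverinfo_cli_parse_cb, NULL))` followed by a `BIO_printf(bio_err, ...)` warning that names the rejected extension type. For a diagnostic tool that matters, because an operator would otherwise read the missing serverinfo output as "the server sent nothing". The enclosing MAIN() starts and ends outside the hunk.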
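Review bot: Nothing in the `-1442,6 +1447,10` hunk or in the new usage line says when `-fallback_scsv` is meaningful, and `SSL_MODE_SEND_FALLBACK_SCSV` is set whenever the flag is given, even if no protocol version is pinned. The SCSV marks the handshake as a retry at a lowered version, so a server's downgrade protection is only exercised when the option is combined with a version-limiting one such as `-tls1`. I would add a comment above `if (fallback_scsv)` such as `/* Only meaningful on a version-limited handshake (e.g. with -tls1): a server that supports a higher version should then refuse the connection. */`. The help text in the sc_usage hunk could likewise read `-fallback_scsv - send TLS_FALLBACK_SCSV (use with a version-limiting option)`.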