From: Dr. Stephen Henson <steve@openssl.org>
Date: Thu, 28 Jan 2010 19:48:36 +0000 (+0000)
Subject: Experimental renegotiation support in s_server test -www server.
X-Git-Tag: OpenSSL-fips-2_0-rc1~1295
X-Git-Url: https://git.openssl.org/?p=openssl.git;a=commitdiff_plain;h=08c239701b543b784432d30578d79d1b6c732113

Experimental renegotiation support in s_server test -www server.
---

diff --git a/CHANGES b/CHANGES
index a08a986799..5baf7e4f7f 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,11 @@
 
  Changes between 1.0.0 and 1.1.0  [xx XXX xxxx]
 
+  *) Experiemental regnegotiation in s_server -www mode. If the client 
+     browsers /reneg connection is renegotiated. If /renegcert it is
+     renegotiated requestion a certificate.
+     [Steve Henson]
+
   *) Add an "external" session cache for debugging purposes to s_server. This
      should help trace issues which normally are only apparent in deployed
      multi-process servers.
diff --git a/apps/s_server.c b/apps/s_server.c
index 6de433299c..a70482e93e 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -2324,7 +2324,6 @@ static int www_body(char *hostname, int s, unsigned char *context)
 		}
 	SSL_set_bio(con,sbio,sbio);
 	SSL_set_accept_state(con);
-
 	/* SSL_set_fd(con,s); */
 	BIO_set_ssl(ssl_bio,con,BIO_CLOSE);
 	BIO_push(io,ssl_bio);
@@ -2406,6 +2405,32 @@ static int www_body(char *hostname, int s, unsigned char *context)
 			STACK_OF(SSL_CIPHER) *sk;
 			static const char *space="                          ";
 
+		if (www == 1 && strncmp("GET /reneg", buf, 10) == 0)
+			{
+			if (strncmp("GET /renegcert", buf, 14) == 0)
+				SSL_set_verify(con,
+				SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE,NULL);
+			i=SSL_renegotiate(con);
+			BIO_printf(bio_s_out, "SSL_renegotiate -> %d\n",i);
+			i=SSL_do_handshake(con);
+			if (i <= 0)
+				{
+				BIO_printf(bio_s_out, "SSL_do_handshake() Retval %d\n", SSL_get_error(con, i));
+				ERR_print_errors(bio_err);
+				goto err;
+				}
+			/* EVIL HACK! */
+			con->state = SSL_ST_ACCEPT;
+			i=SSL_do_handshake(con);
+			BIO_printf(bio_s_out, "SSL_do_handshake -> %d\n",i);
+			if (i <= 0)
+				{
+				BIO_printf(bio_s_out, "SSL_do_handshake() Retval %d\n", SSL_get_error(con, i));
+				ERR_print_errors(bio_err);
+				goto err;
+				}
+			}
+
 			BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
 			BIO_puts(io,"<HTML><BODY BGCOLOR=\"#ffffff\">\n");
 			BIO_puts(io,"<pre>\n");
@@ -2418,6 +2443,11 @@ static int www_body(char *hostname, int s, unsigned char *context)
 				}
 			BIO_puts(io,"\n");
 
+			BIO_printf(io,
+				"Secure Renegotiation IS%s supported\n",
+		      		SSL_get_secure_renegotiation_support(con) ?
+							"" : " NOT");
+
 			/* The following is evil and should not really
 			 * be done */
 			BIO_printf(io,"Ciphers supported in s_server binary\n");