#ifndef OPENSSL_NO_TLSEXT
-static const unsigned char *most_recent_supplemental_data;
-static size_t most_recent_supplemental_data_length;
+static unsigned char *generated_supp_data = NULL;
+
+static const unsigned char *most_recent_supplemental_data = NULL;
+static size_t most_recent_supplemental_data_length = 0;
static int server_provided_server_authz = 0;
static int server_provided_client_authz = 0;
static int auth_suppdata_generate_cb(SSL *s, unsigned short supp_data_type,
const unsigned char **out,
- unsigned short *outlen, void *arg);
+ unsigned short *outlen, int *al, void *arg);
static int authz_tlsext_generate_cb(SSL *s, unsigned short ext_type,
const unsigned char **out, unsigned short *outlen,
- void *arg);
+ int *al, void *arg);
static int authz_tlsext_cb(SSL *s, unsigned short ext_type,
const unsigned char *in,
BIO_printf(bio_err," -auth_require_reneg - Do not send TLS auth extensions until renegotiation\n");
# ifndef OPENSSL_NO_NEXTPROTONEG
BIO_printf(bio_err," -nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list)\n");
- BIO_printf(bio_err," -alpn arg - enable ALPN extension, considering named protocols supported (comma-separated list)\n");
# endif
+ BIO_printf(bio_err," -alpn arg - enable ALPN extension, considering named protocols supported (comma-separated list)\n");
#endif
BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
ext_buf[3] = inlen & 0xFF;
memcpy(ext_buf+4, in, inlen);
- BIO_snprintf(pem_name, sizeof(pem_name), "SERVER_INFO %d", ext_type);
+ BIO_snprintf(pem_name, sizeof(pem_name), "SERVERINFO FOR EXTENSION %d",
+ ext_type);
PEM_write_bio(bio_c_out, pem_name, "", ext_buf, 4 + inlen);
return 1;
}
{NULL,0};
# ifndef OPENSSL_NO_NEXTPROTONEG
const char *next_proto_neg_in = NULL;
- const char *alpn_in = NULL;
# endif
+ const char *alpn_in = NULL;
# define MAX_SI_TYPES 100
unsigned short serverinfo_types[MAX_SI_TYPES];
int serverinfo_types_count = 0;
int crl_format = FORMAT_PEM;
int crl_download = 0;
STACK_OF(X509_CRL) *crls = NULL;
+ int sdebug = 0;
meth=SSLv23_client_method();
else if (strcmp(*argv,"-trace") == 0)
c_msg=2;
#endif
+ else if (strcmp(*argv,"-security_debug") == 0)
+ { sdebug=1; }
+ else if (strcmp(*argv,"-security_debug_verbose") == 0)
+ { sdebug=2; }
else if (strcmp(*argv,"-showcerts") == 0)
c_showcerts=1;
else if (strcmp(*argv,"-nbio_test") == 0)
if (--argc < 1) goto bad;
next_proto_neg_in = *(++argv);
}
+# endif
else if (strcmp(*argv,"-alpn") == 0)
{
if (--argc < 1) goto bad;
alpn_in = *(++argv);
}
-# endif
else if (strcmp(*argv,"-serverinfo") == 0)
{
char *c;
goto end;
}
+ if (sdebug)
+ ssl_ctx_security_debug(ctx, bio_err, sdebug);
+
if (vpm)
SSL_CTX_set1_param(ctx, vpm);
"CONNECTION ESTABLISHED\n");
print_ssl_summary(bio_err, con);
}
+ /*handshake is complete - free the generated supp data allocated in the callback */
+ if (generated_supp_data)
+ {
+ OPENSSL_free(generated_supp_data);
+ generated_supp_data = NULL;
+ }
+
print_stuff(bio_c_out,con,full_log);
if (full_log > 0) full_log--;
BIO_write(bio, proto, proto_len);
BIO_write(bio, "\n", 1);
}
+# endif
{
const unsigned char *proto;
unsigned int proto_len;
else
BIO_printf(bio, "No ALPN negotiated\n");
}
-# endif
#endif
{
void *arg)
{
if (TLSEXT_TYPE_server_authz == ext_type)
- {
- server_provided_server_authz = (memchr(in,
- TLSEXT_AUTHZDATAFORMAT_dtcp,
- inlen) != NULL);
- }
+ server_provided_server_authz
+ = (memchr(in, TLSEXT_AUTHZDATAFORMAT_dtcp, inlen) != NULL);
if (TLSEXT_TYPE_client_authz == ext_type)
- {
- server_provided_client_authz = (memchr(in,
- TLSEXT_AUTHZDATAFORMAT_dtcp,
- inlen) != NULL);
- }
+ server_provided_client_authz
+ = (memchr(in, TLSEXT_AUTHZDATAFORMAT_dtcp, inlen) != NULL);
return 1;
}
static int authz_tlsext_generate_cb(SSL *s, unsigned short ext_type,
const unsigned char **out, unsigned short *outlen,
- void *arg)
+ int *al, void *arg)
{
if (c_auth)
{
+ /*if auth_require_reneg flag is set, only send extensions if
+ renegotiation has occurred */
if (!c_auth_require_reneg || (c_auth_require_reneg && SSL_num_renegotiations(s)))
{
*out = auth_ext_data;
return 1;
}
}
- //no auth extension to send
+ /* no auth extension to send */
return -1;
}
static int auth_suppdata_generate_cb(SSL *s, unsigned short supp_data_type,
const unsigned char **out,
- unsigned short *outlen, void *arg)
+ unsigned short *outlen, int *al, void *arg)
{
- unsigned char *result;
if (c_auth && server_provided_client_authz && server_provided_server_authz)
{
- if (!c_auth_require_reneg || (c_auth_require_reneg && SSL_num_renegotiations(s)))
- {
- result = OPENSSL_malloc(10);
- memcpy(result, "5432154321", 10);
- *out = result;
+ /*if auth_require_reneg flag is set, only send supplemental data if
+ renegotiation has occurred */
+ if (!c_auth_require_reneg
+ || (c_auth_require_reneg && SSL_num_renegotiations(s)))
+ {
+ generated_supp_data = OPENSSL_malloc(10);
+ memcpy(generated_supp_data, "5432154321", 10);
+ *out = generated_supp_data;
*outlen = 10;
return 1;
}
}
- //no supplemental data to send
+ /* no supplemental data to send */
return -1;
}
projects / openssl.git / blobdiff