BIO_printf(bio_err," not specified (default is %s)\n",TEST_CERT2);
BIO_printf(bio_err," -tlsextdebug - hex dump of all TLS extensions received\n");
BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis session tickets\n");
+ BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
#endif
}
if (!OCSP_REQUEST_add_ext(req, ext, -1))
goto err;
}
- resp = process_responder(err, req, host, path, port, use_ssl,
+ resp = process_responder(err, req, host, path, port, use_ssl, NULL,
srctx->timeout);
if (!resp)
{
int s_dcert_format = FORMAT_PEM, s_dkey_format = FORMAT_PEM;
X509 *s_cert = NULL, *s_dcert = NULL;
EVP_PKEY *s_key = NULL, *s_dkey = NULL;
+ int no_cache = 0;
#ifndef OPENSSL_NO_TLSEXT
EVP_PKEY *s_key2 = NULL;
X509 *s_cert2 = NULL;
if (--argc < 1) goto bad;
CApath= *(++argv);
}
+ else if (strcmp(*argv,"-no_cache") == 0)
+ no_cache = 1;
else if (args_verify(&argv, &argc, &badarg, bio_err, &vpm))
{
if (badarg)
verify_return_error = 1;
else if (strcmp(*argv,"-serverpref") == 0)
{ off|=SSL_OP_CIPHER_SERVER_PREFERENCE; }
+ else if (strcmp(*argv,"-legacy_renegotiation") == 0)
+ off|=SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
else if (strcmp(*argv,"-cipher") == 0)
{
if (--argc < 1) goto bad;
if (socket_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1);
if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
-
- SSL_CTX_sess_set_cache_size(ctx,128);
+ if (no_cache)
+ SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
+ else
+ SSL_CTX_sess_set_cache_size(ctx,128);
#if 0
if (cipher == NULL) cipher=getenv("SSL_CIPHER");
if (state) SSL_CTX_set_info_callback(ctx2,apps_ssl_info_callback);
- SSL_CTX_sess_set_cache_size(ctx2,128);
+ if (no_cache)
+ SSL_CTX_set_session_cache_mode(ctx2,SSL_SESS_CACHE_OFF);
+ else
+ SSL_CTX_sess_set_cache_size(ctx2,128);
if ((!SSL_CTX_load_verify_locations(ctx2,CAfile,CApath)) ||
(!SSL_CTX_set_default_verify_paths(ctx2)))