static unsigned char *generated_supp_data = NULL;
-static unsigned char *most_recent_supplemental_data = NULL;
+static const unsigned char *most_recent_supplemental_data = NULL;
static size_t most_recent_supplemental_data_length = 0;
static int client_provided_server_authz = 0;
static int auth_suppdata_generate_cb(SSL *s, unsigned short supp_data_type,
const unsigned char **out,
- unsigned short *outlen, void *arg);
+ unsigned short *outlen, int *al, void *arg);
static int authz_tlsext_generate_cb(SSL *s, unsigned short ext_type,
const unsigned char **out, unsigned short *outlen,
- void *arg);
+ int *al, void *arg);
static int authz_tlsext_cb(SSL *s, unsigned short ext_type,
const unsigned char *in,
EVP_PKEY *s_key = NULL, *s_dkey = NULL;
int no_cache = 0, ext_cache = 0;
int rev = 0, naccept = -1;
- int c_no_resumption_on_reneg = 0;
#ifndef OPENSSL_NO_TLSEXT
EVP_PKEY *s_key2 = NULL;
X509 *s_cert2 = NULL;
tlsextctx tlsextcbp = {NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING};
# ifndef OPENSSL_NO_NEXTPROTONEG
const char *next_proto_neg_in = NULL;
- tlsextnextprotoctx next_proto;
+ tlsextnextprotoctx next_proto = { NULL, 0};
+# endif
const char *alpn_in = NULL;
tlsextalpnctx alpn_ctx = { NULL, 0};
-# endif
#endif
#ifndef OPENSSL_NO_PSK
/* by default do not send a PSK identity hint */
c_auth = 1;
}
#endif
- else if (strcmp(*argv, "-no_resumption_on_reneg") == 0)
- {
- c_no_resumption_on_reneg = 1;
- }
else if (strcmp(*argv,"-auth_require_reneg") == 0)
{
c_auth_require_reneg = 1;
if (--argc < 1) goto bad;
next_proto_neg_in = *(++argv);
}
+# endif
else if (strcmp(*argv,"-alpn") == 0)
{
if (--argc < 1) goto bad;
alpn_in = *(++argv);
}
-# endif
#endif
#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
else if (strcmp(*argv,"-jpake") == 0)
}
#endif
- if (c_no_resumption_on_reneg)
- SSL_CTX_set_options(ctx, SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
if (!set_cert_key_stuff(ctx, s_cert, s_key, s_chain, build_chain))
goto end;
#ifndef OPENSSL_NO_TLSEXT
if (s_serverinfo_file != NULL
&& !SSL_CTX_use_serverinfo_file(ctx, s_serverinfo_file))
+ {
+ ERR_print_errors(bio_err);
goto end;
+ }
if (c_auth)
{
SSL_CTX_set_custom_srv_ext(ctx, TLSEXT_TYPE_client_authz, authz_tlsext_cb, authz_tlsext_generate_cb, bio_err);
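Review bot: The new failure branch for `SSL_CTX_use_serverinfo_file()` dumps the error queue but never names the file that failed, so an operator may only see library error codes that do not say which input was rejected. A line before the dump such as `BIO_printf(bio_err, "error loading serverinfo file %s\n", s_serverinfo_file);` would make the failure self-explanatory. The enclosing function starts and ends outside this hunk, so any existing message elsewhere on this path is not visible here.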
EVP_PKEY_free(s_key2);
if (serverinfo_in != NULL)
BIO_free(serverinfo_in);
+# ifndef OPENSSL_NO_NEXTPROTONEG
if (next_proto.data)
OPENSSL_free(next_proto.data);
+# endif
if (alpn_ctx.data)
OPENSSL_free(alpn_ctx.data);
#endif
i=SSL_accept(con);
+#ifdef CERT_CB_TEST_RETRY
+ {
+ while (i <= 0 && SSL_get_error(con,i) == SSL_ERROR_WANT_X509_LOOKUP && SSL_state(con) == SSL3_ST_SR_CLNT_HELLO_C)
+ {
+ fprintf(stderr, "LOOKUP from certificate callback during accept\n");
+ i=SSL_accept(con);
+ }
+ }
+#endif
#ifndef OPENSSL_NO_SRP
while (i <= 0 && SSL_get_error(con,i) == SSL_ERROR_WANT_X509_LOOKUP)
{
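Review bot: The retry loop added under `CERT_CB_TEST_RETRY` has no iteration bound, so if `SSL_accept()` keeps reporting `SSL_ERROR_WANT_X509_LOOKUP` in state `SSL3_ST_SR_CLNT_HELLO_C` the server spins on this connection indefinitely. This appears to be test-only code, so a comment above the `#ifdef` saying it must not be defined in production builds, plus a small retry cap, would make that explicit. The diagnostic uses `fprintf(stderr, ...)` while the serverinfo hunk on this page reports through `bio_err`; `BIO_printf(bio_err, "LOOKUP from certificate callback during accept\n");` would keep output on one channel. The extra brace pair wrapping the `while` is redundant, and the enclosing function starts outside the hunk.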
static int authz_tlsext_generate_cb(SSL *s, unsigned short ext_type,
const unsigned char **out, unsigned short *outlen,
- void *arg)
+ int *al, void *arg)
{
if (c_auth && client_provided_client_authz && client_provided_server_authz)
{
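Review bot: The new `int *al` parameter of `authz_tlsext_generate_cb` is undocumented and nothing in the visible lines writes to it, so it is unclear which alert the peer receives when the callback fails. The same applies to `auth_suppdata_generate_cb` in the next hunk and to both prototypes at the top of the page. The bodies continue outside these hunks; if they have failure paths, each should set the value explicitly before returning, e.g. `*al = SSL_AD_INTERNAL_ERROR;`, rather than rely on whatever default the caller passed in. A one-line comment above each definition, such as `/* al: out-parameter, presumably the TLS alert sent when this callback reports failure */`, would record the contract once it is confirmed against the library header.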
static int auth_suppdata_generate_cb(SSL *s, unsigned short supp_data_type,
const unsigned char **out,
- unsigned short *outlen, void *arg)
+ unsigned short *outlen, int *al, void *arg)
{
if (c_auth && client_provided_client_authz && client_provided_server_authz)
{