git.openssl.org Git - openssl.git/commit

author	Rich Salz <rsalz@akamai.com>
	Thu, 6 May 2021 16:56:35 +0000 (12:56 -0400)
committer	Tomas Mraz <tomas@openssl.org>
	Mon, 17 May 2021 08:53:30 +0000 (10:53 +0200)
commit	55373bfd419ca010a15aac18c88c94827e2f3a92
tree	803860f6eae08da5688ae7c4b68e195e52851a23	tree \| snapshot
parent	d7970dd963134534340ad00fa62cb1180daf5cb0	commit \| diff

Add SSL_OP_ALLOW_CLIENT_RENEGOTIATION

Add -client_renegotiation flag support. The -client_renegotiation flag is
equivalent to SSL_OP_ALLOW_CLIENT_RENEGOTIATION. Add support to the app,
the config code, and the documentation.

Add SSL_OP_ALLOW_CLIENT_RENEGOTIATION to the SSL tests. We don't need to
always enable it, but there are so many tests so this is the easiest thing
to do.

Add a test where client tries to renegotiate and it fails as expected. Add
a test where server tries to renegotiate and it succeeds. The second test
is supported by a new flag, -immediate_renegotiation, which is ignored on
the client.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15184)

CHANGES.md		diff \| blob \| history
apps/include/opt.h		diff \| blob \| history
apps/lib/s_cb.c		diff \| blob \| history
apps/s_client.c		diff \| blob \| history
apps/s_server.c		diff \| blob \| history
doc/man3/SSL_CONF_cmd.pod		diff \| blob \| history
doc/perlvars.pm		diff \| blob \| history
ssl/ssl_conf.c		diff \| blob \| history
ssl/ssl_lib.c		diff \| blob \| history
ssl/statem/statem_srvr.c		diff \| blob \| history
test/helpers/ssltestlib.c		diff \| blob \| history
test/recipes/70-test_renegotiation.t		diff \| blob \| history
test/recipes/70-test_sslmessages.t		diff \| blob \| history
test/ssl_test.c		diff \| blob \| history