commit missing apps code for reneg fix
authorDr. Stephen Henson <steve@openssl.org>
Wed, 11 Nov 2009 14:10:24 +0000 (14:10 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Wed, 11 Nov 2009 14:10:24 +0000 (14:10 +0000)
apps/s_cb.c
apps/s_client.c
apps/s_server.c

index 78c8a5c..4d0975a 100644 (file)
@@ -338,6 +338,9 @@ void MS_CALLBACK apps_ssl_info_callback(const SSL *s, int where, int ret)
                }
        }
 
+               case TLSEXT_TYPE_renegotiate:
+               extname = "renegotiate";
+               break;
 
 void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)
        {
index c97597d..a4be63a 100644 (file)
@@ -343,6 +343,7 @@ static void sc_usage(void)
        BIO_printf(bio_err," -status           - request certificate status from server\n");
        BIO_printf(bio_err," -no_ticket        - disable use of RFC4507bis session tickets\n");
 #endif
+       BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
        }
 
 #ifndef OPENSSL_NO_TLSEXT
@@ -658,6 +659,8 @@ int MAIN(int argc, char **argv)
 #endif
                else if (strcmp(*argv,"-serverpref") == 0)
                        off|=SSL_OP_CIPHER_SERVER_PREFERENCE;
+               else if (strcmp(*argv,"-legacy_renegotiation") == 0)
+                       off|=SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
                else if (strcmp(*argv,"-cipher") == 0)
                        {
                        if (--argc < 1) goto bad;
index cd15c96..8a08a30 100644 (file)
@@ -491,6 +491,7 @@ static void sv_usage(void)
        BIO_printf(bio_err,"                 not specified (default is %s)\n",TEST_CERT2);
        BIO_printf(bio_err," -tlsextdebug  - hex dump of all TLS extensions received\n");
        BIO_printf(bio_err," -no_ticket    - disable use of RFC4507bis session tickets\n");
+       BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
 #endif
        }
 
@@ -1014,6 +1015,8 @@ int MAIN(int argc, char *argv[])
                        verify_return_error = 1;
                else if (strcmp(*argv,"-serverpref") == 0)
                        { off|=SSL_OP_CIPHER_SERVER_PREFERENCE; }
+               else if (strcmp(*argv,"-legacy_renegotiation") == 0)
+                       off|=SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
                else if (strcmp(*argv,"-cipher") == 0)
                        {
                        if (--argc < 1) goto bad;