New option to enable/disable connection to unpatched servers

diff --git a/CHANGES b/CHANGES
index ed3870c7c485b638bc8388327aa4f868e8e167b1..8041501448369fb58ac0408456bef1cd28f14133 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -863,6 +863,11 @@
 
  Changes between 0.9.8l (?) and 0.9.8m (?)  [xx XXX xxxx]
 
+  *) Add option SSL_OP_LEGACY_SERVER_CONNECT which will allow clients to
+     connect (but not renegotiate) with servers which do not support RI.
+     Until RI is more widely deployed this option is enabled by default.
+     [Steve Henson]
+
   *) Add "missing" ssl ctrls to clear options and mode.
      [Steve Henson]
 

diff --git a/apps/s_client.c b/apps/s_client.c
index a52e728a16325798e3c5496b3cde2f657b6471e3..484d009987b6690291d844f7fb1b5e317fff2cb0 100644 (file)
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -383,7 +383,7 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
        {
-       int off=0;
+       unsigned int off=0, clr=0;
        SSL *con=NULL;
        int s,k,width,state=0;
        char *cbuf=NULL,*sbuf=NULL,*mbuf=NULL;
@@ -666,6 +666,10 @@ int MAIN(int argc, char **argv)
                        off|=SSL_OP_CIPHER_SERVER_PREFERENCE;
                else if (strcmp(*argv,"-legacy_renegotiation") == 0)
                        off|=SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
+               else if (strcmp(*argv,"-legacy_server_connect") == 0)
+                       { off|=SSL_OP_LEGACY_SERVER_CONNECT; }
+               else if (strcmp(*argv,"-no_legacy_server_connect") == 0)
+                       { clr|=SSL_OP_LEGACY_SERVER_CONNECT; }
                else if (strcmp(*argv,"-cipher") == 0)
                        {
                        if (--argc < 1) goto bad;
@@ -876,6 +880,9 @@ bad:
                SSL_CTX_set_options(ctx,SSL_OP_ALL|off);
        else
                SSL_CTX_set_options(ctx,off);
+
+       if (clr)
+               SSL_CTX_clear_options(ctx, clr);
        /* DTLS: partial reads end up discarding unread UDP bytes :-( 
         * Setting read ahead solves this problem.
         */

diff --git a/ssl/ssl.h b/ssl/ssl.h
index dbfcca7befbcf735ff393f276e71893a0dc142ce..3c3ab46efd3da8271efb2dd44a71f07825a0df7a 100644 (file)
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -518,6 +518,8 @@ typedef struct ssl_session_st
 
 #define SSL_OP_MICROSOFT_SESS_ID_BUG                   0x00000001L
 #define SSL_OP_NETSCAPE_CHALLENGE_BUG                  0x00000002L
+/* Allow initial connection to servers that don't support RI */
+#define SSL_OP_LEGACY_SERVER_CONNECT                   0x00000004L
 #define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG                0x00000008L
 #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG             0x00000010L
 #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER              0x00000020L

diff --git a/ssl/ssl3.h b/ssl/ssl3.h
index d929569aef8bd0861e34277e88abddd472f2f52c..414ad2d58a442c1d2dfd6d0f8d3c0b5047098117 100644 (file)
--- a/ssl/ssl3.h
+++ b/ssl/ssl3.h
@@ -129,7 +129,9 @@ extern "C" {
 #endif
 
 /* Magic Cipher Suite Value. NB: bogus value used for testing */
+#ifndef SSL3_CK_MCSV
 #define SSL3_CK_MCSV                           0x03000FEC
+#endif
 
 #define SSL3_CK_RSA_NULL_MD5                   0x03000001
 #define SSL3_CK_RSA_NULL_SHA                   0x03000002

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 6e29f9a4c6f75c8f35fad9c881f8ae015f3f24ad..8d37e4914a4a19b9885cef53cef3c71590b1d1c6 100644 (file)
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1677,6 +1677,10 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
        }
 #endif
 #endif
+       /* Default is to connect to non-RI servers. When RI is more widely
+        * deployed might change this.
+        */
+       ret->options = SSL_OP_LEGACY_SERVER_CONNECT;
 
        return(ret);
 err:

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index bdbb806fa543f71c301f6e48da7f90dd6fd90a60..667892690b4a69fb119f9a4f2af59b86bdf3b850 100644 (file)
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1157,8 +1157,9 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
         * which doesn't support RI so for the immediate future tolerate RI
         * absence on initial connect only.
         */
-       if (!renegotiate_seen && s->new_session &&
-               !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
+       if (!renegotiate_seen && 
+               (s->new_session || !(s->options & SSL_OP_LEGACY_SERVER_CONNECT))
+               && !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
                {
                /* FIXME: Spec currently doesn't give alert to use */
                *al = SSL_AD_ILLEGAL_PARAMETER;