From 2942dde56c397f4d6ea7c21787f068f34895ddd3 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Wed, 11 Nov 2009 14:10:24 +0000
Subject: [PATCH] commit missing apps code for reneg fix

---
 apps/s_cb.c     | 3 +++
 apps/s_client.c | 3 +++
 apps/s_server.c | 3 +++
 3 files changed, 9 insertions(+)

diff --git a/apps/s_cb.c b/apps/s_cb.c
index 78c8a5cc28..4d0975ab41 100644
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -338,6 +338,9 @@ void MS_CALLBACK apps_ssl_info_callback(const SSL *s, int where, int ret)
 		}
 	}
 
+		case TLSEXT_TYPE_renegotiate:
+		extname = "renegotiate";
+		break;
 
 void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)
 	{
diff --git a/apps/s_client.c b/apps/s_client.c
index c97597d448..a4be63a114 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -343,6 +343,7 @@ static void sc_usage(void)
 	BIO_printf(bio_err," -status           - request certificate status from server\n");
 	BIO_printf(bio_err," -no_ticket        - disable use of RFC4507bis session tickets\n");
 #endif
+	BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
 	}
 
 #ifndef OPENSSL_NO_TLSEXT
@@ -658,6 +659,8 @@ int MAIN(int argc, char **argv)
 #endif
 		else if (strcmp(*argv,"-serverpref") == 0)
 			off|=SSL_OP_CIPHER_SERVER_PREFERENCE;
+		else if (strcmp(*argv,"-legacy_renegotiation") == 0)
+			off|=SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
 		else if	(strcmp(*argv,"-cipher") == 0)
 			{
 			if (--argc < 1) goto bad;
diff --git a/apps/s_server.c b/apps/s_server.c
index cd15c965d2..8a08a30695 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -491,6 +491,7 @@ static void sv_usage(void)
 	BIO_printf(bio_err,"                 not specified (default is %s)\n",TEST_CERT2);
 	BIO_printf(bio_err," -tlsextdebug  - hex dump of all TLS extensions received\n");
 	BIO_printf(bio_err," -no_ticket    - disable use of RFC4507bis session tickets\n");
+	BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
 #endif
 	}
 
@@ -1014,6 +1015,8 @@ int MAIN(int argc, char *argv[])
 			verify_return_error = 1;
 		else if	(strcmp(*argv,"-serverpref") == 0)
 			{ off|=SSL_OP_CIPHER_SERVER_PREFERENCE; }
+		else if (strcmp(*argv,"-legacy_renegotiation") == 0)
+			off|=SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
 		else if	(strcmp(*argv,"-cipher") == 0)
 			{
 			if (--argc < 1) goto bad;
-- 
2.34.1