generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

More TLS extension related changes.

Browse Source 
Submitted by: Peter Sylvester
This commit is contained in:
Bodo Möller
2006-01-11 06:10:40 +00:00
parent a13c20f603
commit 241520e66d
9 changed files with 73 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
apps/s_server.c
View File

@@ -367,7 +367,7 @@ static void sv_usage(void)
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
#ifndef OPENSSL_NO_TLSEXT
BIO_printf(bio_err," -servername host - servername for HostName TLS extension\n");
BIO_printf(bio_err," -servername_warn - on mismatch send warning (default fatal alert)\n");
BIO_printf(bio_err," -servername_fatal - on mismatch send fatal alert (default warning alert)\n");
BIO_printf(bio_err," -cert2 arg - certificate file to use for servername\n");
BIO_printf(bio_err," (default is %s)\n",TEST_CERT2);
BIO_printf(bio_err," -key2 arg - Private Key file to use for servername, in cert file if\n");
@@ -534,7 +534,7 @@ static int ebcdic_puts(BIO *bp, const char *str)
typedef struct tlsextctx_st {
char * servername;
BIO * biodebug;
int servername_warn;
int extension_error;
} tlsextctx;
@@ -546,18 +546,19 @@ static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg)
BIO_printf(p->biodebug,"Hostname in TLS extension: \"%s\"\n",servername);
if (!p->servername)
return 1;
return SSL_TLSEXT_ERR_NOACK;
if (servername)
{
if (strcmp(servername,p->servername))
return p->servername_warn;
if (ctx2) {
return p->extension_error;
if (ctx2)
{
BIO_printf(p->biodebug,"Swiching server context.\n");
SSL_set_SSL_CTX(s,ctx2);
}
}
return 1;
return SSL_TLSEXT_ERR_OK;
}
#endif
@@ -597,7 +598,7 @@ int MAIN(int argc, char *argv[])
#endif
#ifndef OPENSSL_NO_TLSEXT
tlsextctx tlsextcbp = {NULL, NULL, -1};
tlsextctx tlsextcbp = {NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING};
#endif
#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
meth=SSLv23_server_method();
@@ -846,8 +847,8 @@ int MAIN(int argc, char *argv[])
if (--argc < 1) goto bad;
tlsextcbp.servername= *(++argv);
}
else if (strcmp(*argv,"-servername_warn") == 0)
{ tlsextcbp.servername_warn = 0; }
else if (strcmp(*argv,"-servername_fatal") == 0)
{ tlsextcbp.extension_error = SSL_TLSEXT_ERR_ALERT_FATAL; }
else if (strcmp(*argv,"-cert2") == 0)
{
if (--argc < 1) goto bad;