generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add callbacks supporting generation and retrieval of supplemental data entries, facilitating RFC 5878 (TLS auth extensions)

Browse Source 
Removed prior audit proof logic - audit proof support was implemented using the generic TLS extension API
Tests exercising the new supplemental data registration and callback api can be found in ssltest.c.
Implemented changes to s_server and s_client to exercise supplemental data callbacks via the -auth argument, as well as additional flags to exercise supplemental data being sent only during renegotiation.
This commit is contained in:
Scott Deboy
2013-06-18 14:34:38 -07:00
committed by Ben Laurie
parent cda01d55ba
commit 36086186a9
25 changed files with 920 additions and 810 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
doc/apps/s_client.pod
View File

@@ -45,6 +45,8 @@ B<openssl> B<s_client>
[B<-sess_in filename>]
[B<-rand file(s)>]
[B<-serverinfo types>]
[B<-auth>]
[B<-auth_require_reneg>]
=head1 DESCRIPTION
@@ -272,6 +274,15 @@ a list of comma-separated TLS Extension Types (numbers between 0 and
The server's response (if any) will be encoded and displayed as a PEM
file.
=item B<-auth>
send RFC 5878 client and server authorization extensions in the Client Hello as well as
supplemental data if the server also sent the authorization extensions in the Server Hello.
=item B<-auth_require_reneg>
only send RFC 5878 client and server authorization extensions during renegotiation.
=back
=head1 CONNECTED COMMANDS

18
doc/apps/s_server.pod
View File

@@ -57,7 +57,9 @@ B<openssl> B<s_server>
[B<-id_prefix arg>]
[B<-rand file(s)>]
[B<-serverinfo file>]
[B<-auth>]
[B<-auth_require_reneg>]
[B<-no_resumption_on_reneg>]
=head1 DESCRIPTION
The B<s_server> command implements a generic SSL/TLS server which listens
@@ -315,6 +317,20 @@ followed by "length" bytes of extension data). If the client sends
an empty TLS ClientHello extension matching the type, the corresponding
ServerHello extension will be returned.
=item B<-auth>
send RFC 5878 client and server authorization extensions in the Client Hello as well as
supplemental data if the server also sent the authorization extensions in the Server Hello.
=item B<-auth_require_reneg>
only send RFC 5878 client and server authorization extensions during renegotiation.
=item B<-no_resumption_on_reneg>
set SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION flag. Required in order to receive supplemental data
during renegotiation if auth and auth_require_reneg are set.
=back
=head1 CONNECTED COMMANDS