generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add ctrl and macro so we can determine if peer support secure renegotiation.

Browse Source 
Fix SSL_CIPHER initialiser for mcsv
This commit is contained in:
Dr. Stephen Henson
2009-12-08 13:47:28 +00:00
parent 7a014dceb6
commit 59f44e810b
5 changed files with 18 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
CHANGES
View File

@@ -4,6 +4,11 @@
Changes between 0.9.8l (?) and 0.9.8m (?) [xx XXX xxxx] Changes between 0.9.8l (?) and 0.9.8m (?) [xx XXX xxxx]
*) Add ctrl macro SSL_get_secure_renegotiation_support() which returns 1 if
peer supports secure renegotiation and 0 otherwise. Print out peer
renegotiation support in s_client/s_server.
[Steve Henson]
*) Replace the highly broken and deprecated SPKAC certification method with *) Replace the highly broken and deprecated SPKAC certification method with
the updated NID creation version. This should correctly handle UTF8. the updated NID creation version. This should correctly handle UTF8.
[Steve Henson] [Steve Henson]

2
apps/s_client.c
View File

@@ -1525,6 +1525,8 @@ static void print_stuff(BIO *bio, SSL *s, int full)
EVP_PKEY_bits(pktmp)); EVP_PKEY_bits(pktmp));
EVP_PKEY_free(pktmp); EVP_PKEY_free(pktmp);
} }
BIO_printf(bio, "Secure Renegotiation IS%s supported\n",
SSL_get_secure_renegotiation_support(s) ? "" : " NOT");
#ifndef OPENSSL_NO_COMP #ifndef OPENSSL_NO_COMP
comp=SSL_get_current_compression(s); comp=SSL_get_current_compression(s);
expansion=SSL_get_current_expansion(s); expansion=SSL_get_current_expansion(s);

2
apps/s_server.c
View File

@@ -2030,6 +2030,8 @@ static int init_ssl_connection(SSL *con)
con->kssl_ctx->client_princ); con->kssl_ctx->client_princ);
} }
#endif /* OPENSSL_NO_KRB5 */ #endif /* OPENSSL_NO_KRB5 */
BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n",
SSL_get_secure_renegotiation_support(con) ? "" : " NOT");
return(1); return(1);
} }

4
ssl/ssl.h
View File

@@ -582,6 +582,8 @@ typedef struct ssl_session_st
#define SSL_set_mtu(ssl, mtu) \ #define SSL_set_mtu(ssl, mtu) \
SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL) SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL)
#define SSL_get_secure_renegotiation_support(ssl) \
SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL)
void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
@@ -1249,6 +1251,8 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
#define SSL_CTRL_GET_MAX_CERT_LIST 50 #define SSL_CTRL_GET_MAX_CERT_LIST 50
#define SSL_CTRL_SET_MAX_CERT_LIST 51 #define SSL_CTRL_SET_MAX_CERT_LIST 51
#define SSL_CTRL_GET_RI_SUPPORT 53
/* see tls1.h for macros based on these */ /* see tls1.h for macros based on these */
#ifndef OPENSSL_NO_TLSEXT #ifndef OPENSSL_NO_TLSEXT
#define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53 #define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53

6
ssl/ssl_lib.c
View File

@@ -1003,6 +1003,10 @@ long SSL_ctrl(SSL *s,int cmd,long larg,void *parg)
return larg; return larg;
} }
return 0; return 0;
case SSL_CTRL_GET_RI_SUPPORT:
if (s->s3)
return s->s3->send_connection_binding;
else return 0;
default: default:
return(s->method->ssl_ctrl(s,cmd,larg,parg)); return(s->method->ssl_ctrl(s,cmd,larg,parg));
} }
@@ -1294,7 +1298,7 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
{ {
static SSL_CIPHER msvc = static SSL_CIPHER msvc =
{ {
0, NULL, SSL3_CK_MCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0 0, NULL, SSL3_CK_MCSV, 0, 0, 0, 0, 0, 0, 0,
}; };
j = put_cb ? put_cb(&msvc,p) : ssl_put_cipher_by_char(s,&msvc,p); j = put_cb ? put_cb(&msvc,p) : ssl_put_cipher_by_char(s,&msvc,p);
p+=j; p+=j;