Loading CHANGES +7 −4 Original line number Diff line number Diff line Loading @@ -4,9 +4,13 @@ Changes between 0.9.8a and 0.9.9 [xx XXX xxxx] *) Add support for TLS extensions, specifically for the HostName extension so far. The SSL_SESSION, SSL_CTX, and SSL data structures now have new members for HostName support. *) Add initial support for TLS extensions, specifically for the server_name extension so far. The SSL_SESSION, SSL_CTX, and SSL data structures now have new members for a host name. The SSL data structure has an additional member SSL_CTX *initial_ctx so that new sessions can be stored in that context to allow for session resumption, even after the SSL has been switched to a new SSL_CTX in reaction to a client's server_name extension. New functions (subject to change): Loading @@ -21,7 +25,6 @@ SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG - SSL_CTX_set_tlsext_servername_arg() SSL_CTRL_SET_TLSEXT_HOSTNAME - SSL_set_tlsext_hostname() SSL_CTRL_GET_TLSEXT_HOSTNAME [similar to SSL_get_servername()] SSL_CTRL_SET_TLSEXT_SERVERNAME_DONE - SSL_set_tlsext_servername_done() Loading apps/s_client.c +1 −1 Original line number Diff line number Diff line Loading @@ -245,7 +245,7 @@ static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg) else BIO_printf(bio_err,"Can't use SSL_get_servername\n"); return SSL_ERROR_NONE; return 1; } #endif Loading apps/s_server.c +4 −5 Original line number Diff line number Diff line Loading 
@@ -540,24 +540,24 @@ static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg) { tlsextctx * p = (tlsextctx *) arg; const char * servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name); if (servername) if (servername && p->biodebug) BIO_printf(p->biodebug,"Hostname in TLS extension: \"%s\"\n",servername); if (!p->servername) { SSL_set_tlsext_servername_done(s,2); return SSL_ERROR_NONE; return 1; } if (servername) { if (strcmp(servername,p->servername)) return TLS1_AD_UNRECOGNIZED_NAME; return 0; if (ctx2) SSL_set_SSL_CTX(s,ctx2); SSL_set_tlsext_servername_done(s,1); } return SSL_ERROR_NONE; return 1; } #endif Loading Loading @@ -845,7 +845,6 @@ int MAIN(int argc, char *argv[]) { if (--argc < 1) goto bad; tlsextcbp.servername= *(++argv); /* meth=TLSv1_server_method(); */ } else if (strcmp(*argv,"-cert2") == 0) { Loading ssl/s3_lib.c +0 −13 Original line number Diff line number Diff line Loading @@ -1644,19 +1644,6 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) break; #endif /* !OPENSSL_NO_ECDH */ #ifndef OPENSSL_NO_TLSEXT case SSL_CTRL_GET_TLSEXT_HOSTNAME: if (larg != TLSEXT_NAMETYPE_host_name) { SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE); return(0); } /* XXX cf. SSL_get_servername() (ssl_lib.c) */ if (s->session && s->session->tlsext_hostname) *((char **) parg) = s->session->tlsext_hostname; else *((char **) parg) = s->tlsext_hostname; ret = 1; break; case SSL_CTRL_SET_TLSEXT_HOSTNAME: if (larg == TLSEXT_NAMETYPE_host_name) { Loading ssl/ssl.h +4 −2 Original line number Diff line number Diff line Loading @@ -993,6 +993,7 @@ struct ssl_st 1 : prepare 2, allow last ack just after in server callback. 2 : don't call servername callback, no ack in server hello */ SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */ #endif }; Loading Loading 
@@ -1201,11 +1202,12 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); #define SSL_CTRL_SET_MAX_SEND_FRAGMENT 52 /* see tls.h for macros based on these */ #ifndef OPENSSL_NO_TLSEXT #define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53 #define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG 54 #define SSL_CTRL_SET_TLSEXT_HOSTNAME 55 #define SSL_CTRL_GET_TLSEXT_HOSTNAME 56 #define SSL_CTRL_SET_TLSEXT_SERVERNAME_DONE 57 #define SSL_CTRL_SET_TLSEXT_SERVERNAME_DONE 56 #endif #define SSL_session_reused(ssl) \ SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL) Loading Loading
CHANGES +7 −4 Original line number Diff line number Diff line Loading @@ -4,9 +4,13 @@ Changes between 0.9.8a and 0.9.9 [xx XXX xxxx] *) Add support for TLS extensions, specifically for the HostName extension so far. The SSL_SESSION, SSL_CTX, and SSL data structures now have new members for HostName support. *) Add initial support for TLS extensions, specifically for the server_name extension so far. The SSL_SESSION, SSL_CTX, and SSL data structures now have new members for a host name. The SSL data structure has an additional member SSL_CTX *initial_ctx so that new sessions can be stored in that context to allow for session resumption, even after the SSL has been switched to a new SSL_CTX in reaction to a client's server_name extension. New functions (subject to change): Loading @@ -21,7 +25,6 @@ SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG - SSL_CTX_set_tlsext_servername_arg() SSL_CTRL_SET_TLSEXT_HOSTNAME - SSL_set_tlsext_hostname() SSL_CTRL_GET_TLSEXT_HOSTNAME [similar to SSL_get_servername()] SSL_CTRL_SET_TLSEXT_SERVERNAME_DONE - SSL_set_tlsext_servername_done() Loading
apps/s_client.c +1 −1 Original line number Diff line number Diff line Loading @@ -245,7 +245,7 @@ static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg) else BIO_printf(bio_err,"Can't use SSL_get_servername\n"); return SSL_ERROR_NONE; return 1; } #endif Loading
apps/s_server.c +4 −5 Original line number Diff line number Diff line Loading @@ -540,24 +540,24 @@ static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg) { tlsextctx * p = (tlsextctx *) arg; const char * servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name); if (servername) if (servername && p->biodebug) BIO_printf(p->biodebug,"Hostname in TLS extension: \"%s\"\n",servername); if (!p->servername) { SSL_set_tlsext_servername_done(s,2); return SSL_ERROR_NONE; return 1; } if (servername) { if (strcmp(servername,p->servername)) return TLS1_AD_UNRECOGNIZED_NAME; return 0; if (ctx2) SSL_set_SSL_CTX(s,ctx2); SSL_set_tlsext_servername_done(s,1); } return SSL_ERROR_NONE; return 1; } #endif Loading Loading @@ -845,7 +845,6 @@ int MAIN(int argc, char *argv[]) { if (--argc < 1) goto bad; tlsextcbp.servername= *(++argv); /* meth=TLSv1_server_method(); */ } else if (strcmp(*argv,"-cert2") == 0) { Loading
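Review bot: On a host name mismatch the callback now does `return 0;` without writing `*ad`, whereas the replaced line carried the alert in the return value (`TLS1_AD_UNRECOGNIZED_NAME`); if `ad` is the alert-description out-parameter its name suggests, the alert sent to the client is now whatever the caller defaults to instead of unrecognized_name. I would set it before failing: `*ad = TLS1_AD_UNRECOGNIZED_NAME; return 0;`. Separately, `strcmp(servername,p->servername)` is case-sensitive while DNS host names are not, so a client sending a differently-cased name is rejected against the configured `p->servername` — acceptable for a test server, but worth a comment such as `/* exact, case-sensitive match; DNS names are case-insensitive */`. The debug line prints the client-supplied name verbatim; it is correctly passed as a `%s` argument rather than as the format, but it means unescaped untrusted bytes reach the debug BIO.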
ssl/s3_lib.c +0 −13 Original line number Diff line number Diff line Loading @@ -1644,19 +1644,6 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) break; #endif /* !OPENSSL_NO_ECDH */ #ifndef OPENSSL_NO_TLSEXT case SSL_CTRL_GET_TLSEXT_HOSTNAME: if (larg != TLSEXT_NAMETYPE_host_name) { SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE); return(0); } /* XXX cf. SSL_get_servername() (ssl_lib.c) */ if (s->session && s->session->tlsext_hostname) *((char **) parg) = s->session->tlsext_hostname; else *((char **) parg) = s->tlsext_hostname; ret = 1; break; case SSL_CTRL_SET_TLSEXT_HOSTNAME: if (larg == TLSEXT_NAMETYPE_host_name) { Loading
ssl/ssl.h +4 −2 Original line number Diff line number Diff line Loading @@ -993,6 +993,7 @@ struct ssl_st 1 : prepare 2, allow last ack just after in server callback. 2 : don't call servername callback, no ack in server hello */ SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */ #endif }; Loading Loading @@ -1201,11 +1202,12 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); #define SSL_CTRL_SET_MAX_SEND_FRAGMENT 52 /* see tls.h for macros based on these */ #ifndef OPENSSL_NO_TLSEXT #define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53 #define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG 54 #define SSL_CTRL_SET_TLSEXT_HOSTNAME 55 #define SSL_CTRL_GET_TLSEXT_HOSTNAME 56 #define SSL_CTRL_SET_TLSEXT_SERVERNAME_DONE 57 #define SSL_CTRL_SET_TLSEXT_SERVERNAME_DONE 56 #endif #define SSL_session_reused(ssl) \ SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL) Loading
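Review bot: The new `initial_ctx` member is documented only as `/* initial ctx, used to store sessions */`, which leaves reference ownership unstated: a reader cannot tell whether the SSL holds its own reference to this SSL_CTX (to be released in SSL_free()) or merely aliases the creating context, and since the CHANGES entry says the SSL may be switched to another SSL_CTX mid-handshake via SSL_set_SSL_CTX(), that distinction decides whether `initial_ctx` can outlive its target. I would extend the comment to state it, e.g. `/* ctx the SSL was created with; sessions are stored here so they can be resumed after SSL_set_SSL_CTX(); owns a reference, released in SSL_free() */`, adjusted to whatever the implementation actually does. The second hunk also renumbers `SSL_CTRL_SET_TLSEXT_SERVERNAME_DONE` from 57 to 56 after dropping `SSL_CTRL_GET_TLSEXT_HOSTNAME`; `SSL_ctrl()` command values are part of the binary interface, so objects built against the previous header would now issue a different control, which is tolerable only because CHANGES marks these functions as subject to change. The `struct ssl_st` definition begins before the first hunk.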