Loading CHANGES +0 −7 Original line number Diff line number Diff line Loading @@ -23,10 +23,6 @@ MGF1 digest and OAEP label. [Steve Henson] *) Add callbacks supporting generation and retrieval of supplemental data entries. [Scott Deboy <sdeboy@apache.org>, Trevor Perrin and Ben Laurie] *) Add EVP support for key wrapping algorithms, to avoid problems with existing code the flag EVP_CIPHER_CTX_WRAP_ALLOW has to be set in the EVP_CIPHER_CTX or an error is returned. Add AES and DES3 wrap Loading Loading @@ -233,9 +229,6 @@ *) Support for linux-x32, ILP32 environment in x86_64 framework. [Andy Polyakov] *) RFC 5878 (TLS Authorization Extensions) support. [Emilia Kasper, Adam Langley, Ben Laurie (Google)] *) Experimental multi-implementation support for FIPS capable OpenSSL. When in FIPS mode the approved implementations are used as normal, when not in FIPS mode the internal unapproved versions are used instead. Loading apps/s_cb.c +0 −3 Original line number Diff line number Diff line Loading @@ -880,9 +880,6 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void * case 20: str_details1 = ", Finished"; break; case 23: str_details1 = ", SupplementalData"; break; } } } Loading apps/s_client.c +0 −121 Original line number Diff line number Diff line Loading @@ -214,8 +214,6 @@ static void sc_usage(void); static void print_stuff(BIO *berr,SSL *con,int full); #ifndef OPENSSL_NO_TLSEXT static int ocsp_resp_cb(SSL *s, void *arg); static int c_auth = 0; static int c_auth_require_reneg = 0; #endif static BIO *bio_c_out=NULL; static BIO *bio_c_msg=NULL; Loading @@ -223,37 +221,6 @@ static int c_quiet=0; static int c_ign_eof=0; static int c_brief=0; #ifndef OPENSSL_NO_TLSEXT static unsigned char *generated_supp_data = NULL; static const unsigned char *most_recent_supplemental_data = NULL; static size_t most_recent_supplemental_data_length = 0; static int server_provided_server_authz = 0; static int server_provided_client_authz = 0; static const unsigned char auth_ext_data[]={TLSEXT_AUTHZDATAFORMAT_dtcp}; static int suppdata_cb(SSL *s, unsigned short supp_data_type, const unsigned char *in, unsigned short inlen, int *al, void *arg); static int auth_suppdata_generate_cb(SSL *s, unsigned short supp_data_type, const unsigned char **out, unsigned short *outlen, int *al, void *arg); static int authz_tlsext_generate_cb(SSL *s, unsigned short ext_type, const unsigned char **out, unsigned short *outlen, int *al, void *arg); static int authz_tlsext_cb(SSL *s, unsigned short ext_type, const unsigned char *in, unsigned short inlen, int *al, void *arg); #endif #ifndef OPENSSL_NO_PSK /* Default PSK identity and key */ static char *psk_identity="Client_identity"; Loading Loading @@ -397,8 +364,6 @@ static void sc_usage(void) BIO_printf(bio_err," -status - request certificate status from server\n"); BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis session tickets\n"); BIO_printf(bio_err," -serverinfo types - send empty ClientHello extensions (comma-separated numbers)\n"); BIO_printf(bio_err," -auth - send and receive RFC 5878 TLS auth extensions and supplemental data\n"); BIO_printf(bio_err," -auth_require_reneg - Do not send TLS auth extensions until renegotiation\n"); #endif # ifndef OPENSSL_NO_NEXTPROTONEG BIO_printf(bio_err," -nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list)\n"); Loading Loading @@ -852,10 +817,6 @@ static char *jpake_secret = NULL; c_tlsextdebug=1; else if (strcmp(*argv,"-status") == 0) c_status_req=1; else if (strcmp(*argv,"-auth") == 0) c_auth = 1; else if (strcmp(*argv,"-auth_require_reneg") == 0) c_auth_require_reneg = 1; #endif #ifdef WATT32 else if (strcmp(*argv,"-wdebug") == 0) Loading Loading @@ -1429,12 +1390,6 @@ bad: } #endif if (c_auth) { SSL_CTX_set_custom_cli_ext(ctx, TLSEXT_TYPE_client_authz, authz_tlsext_generate_cb, authz_tlsext_cb, bio_err); SSL_CTX_set_custom_cli_ext(ctx, TLSEXT_TYPE_server_authz, authz_tlsext_generate_cb, authz_tlsext_cb, bio_err); SSL_CTX_set_cli_supp_data(ctx, TLSEXT_SUPPLEMENTALDATATYPE_authz_data, suppdata_cb, auth_suppdata_generate_cb, bio_err); } #endif con=SSL_new(ctx); Loading Loading @@ -1775,12 +1730,6 @@ SSL_set_tlsext_status_ids(con, ids); "CONNECTION ESTABLISHED\n"); print_ssl_summary(bio_err, con); } /*handshake is complete - free the generated supp data allocated in the callback */ if (generated_supp_data) { OPENSSL_free(generated_supp_data); generated_supp_data = NULL; } print_stuff(bio_c_out,con,full_log); if (full_log > 0) full_log--; Loading Loading @@ -2431,74 +2380,4 @@ static int ocsp_resp_cb(SSL *s, void *arg) return 1; } static int authz_tlsext_cb(SSL *s, unsigned short ext_type, const unsigned char *in, unsigned short inlen, int *al, void *arg) { if (TLSEXT_TYPE_server_authz == ext_type) server_provided_server_authz = (memchr(in, TLSEXT_AUTHZDATAFORMAT_dtcp, inlen) != NULL); if (TLSEXT_TYPE_client_authz == ext_type) server_provided_client_authz = (memchr(in, TLSEXT_AUTHZDATAFORMAT_dtcp, inlen) != NULL); return 1; } static int authz_tlsext_generate_cb(SSL *s, unsigned short ext_type, const unsigned char **out, unsigned short *outlen, int *al, void *arg) { if (c_auth) { /*if auth_require_reneg flag is set, only send extensions if renegotiation has occurred */ if (!c_auth_require_reneg || (c_auth_require_reneg && SSL_num_renegotiations(s))) { *out = auth_ext_data; *outlen = 1; return 1; } } /* no auth extension to send */ return -1; } static int suppdata_cb(SSL *s, unsigned short supp_data_type, const unsigned char *in, unsigned short inlen, int *al, void *arg) { if (supp_data_type == TLSEXT_SUPPLEMENTALDATATYPE_authz_data) { most_recent_supplemental_data = in; most_recent_supplemental_data_length = inlen; } return 1; } static int auth_suppdata_generate_cb(SSL *s, unsigned short supp_data_type, const unsigned char **out, unsigned short *outlen, int *al, void *arg) { if (c_auth && server_provided_client_authz && server_provided_server_authz) { /*if auth_require_reneg flag is set, only send supplemental data if renegotiation has occurred */ if (!c_auth_require_reneg || (c_auth_require_reneg && SSL_num_renegotiations(s))) { generated_supp_data = OPENSSL_malloc(10); memcpy(generated_supp_data, "5432154321", 10); *out = generated_supp_data; *outlen = 10; return 1; } } /* no supplemental data to send */ return -1; } #endif apps/s_server.c +0 −127 Original line number Diff line number Diff line Loading @@ -224,20 +224,6 @@ static DH *get_dh512(void); static void s_server_init(void); #endif #ifndef OPENSSL_NO_TLSEXT static const unsigned char auth_ext_data[]={TLSEXT_AUTHZDATAFORMAT_dtcp}; static unsigned char *generated_supp_data = NULL; static const unsigned char *most_recent_supplemental_data = NULL; static size_t most_recent_supplemental_data_length = 0; static int client_provided_server_authz = 0; static int client_provided_client_authz = 0; #endif #ifndef OPENSSL_NO_DH static unsigned char dh512_p[]={ 0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75, Loading Loading @@ -329,29 +315,9 @@ static int cert_chain = 0; #endif #ifndef OPENSSL_NO_TLSEXT static int suppdata_cb(SSL *s, unsigned short supp_data_type, const unsigned char *in, unsigned short inlen, int *al, void *arg); static int auth_suppdata_generate_cb(SSL *s, unsigned short supp_data_type, const unsigned char **out, unsigned short *outlen, int *al, void *arg); static int authz_tlsext_generate_cb(SSL *s, unsigned short ext_type, const unsigned char **out, unsigned short *outlen, int *al, void *arg); static int authz_tlsext_cb(SSL *s, unsigned short ext_type, const unsigned char *in, unsigned short inlen, int *al, void *arg); static BIO *serverinfo_in = NULL; static const char *s_serverinfo_file = NULL; static int c_auth = 0; static int c_auth_require_reneg = 0; #endif #ifndef OPENSSL_NO_PSK Loading Loading @@ -1172,15 +1138,7 @@ int MAIN(int argc, char *argv[]) if (--argc < 1) goto bad; s_serverinfo_file = *(++argv); } else if (strcmp(*argv,"-auth") == 0) { c_auth = 1; } #endif else if (strcmp(*argv,"-auth_require_reneg") == 0) { c_auth_require_reneg = 1; } else if (strcmp(*argv,"-certform") == 0) { if (--argc < 1) goto bad; Loading Loading @@ -1965,12 +1923,6 @@ bad: ERR_print_errors(bio_err); goto end; } if (c_auth) { SSL_CTX_set_custom_srv_ext(ctx, TLSEXT_TYPE_client_authz, authz_tlsext_cb, authz_tlsext_generate_cb, bio_err); SSL_CTX_set_custom_srv_ext(ctx, TLSEXT_TYPE_server_authz, authz_tlsext_cb, authz_tlsext_generate_cb, bio_err); SSL_CTX_set_srv_supp_data(ctx, TLSEXT_SUPPLEMENTALDATATYPE_authz_data, auth_suppdata_generate_cb, suppdata_cb, bio_err); } #endif #ifndef OPENSSL_NO_TLSEXT if (ctx2 && !set_cert_key_stuff(ctx2,s_cert2,s_key2, NULL, build_chain)) Loading Loading @@ -2671,12 +2623,6 @@ static int init_ssl_connection(SSL *con) i=SSL_accept(con); } #endif /*handshake is complete - free the generated supp data allocated in the callback */ if (generated_supp_data) { OPENSSL_free(generated_supp_data); generated_supp_data = NULL; } if (i <= 0) { Loading Loading @@ -3542,76 +3488,3 @@ static void free_sessions(void) first = NULL; } #ifndef OPENSSL_NO_TLSEXT static int authz_tlsext_cb(SSL *s, unsigned short ext_type, const unsigned char *in, unsigned short inlen, int *al, void *arg) { if (TLSEXT_TYPE_server_authz == ext_type) client_provided_server_authz = memchr(in, TLSEXT_AUTHZDATAFORMAT_dtcp, inlen) != NULL; if (TLSEXT_TYPE_client_authz == ext_type) client_provided_client_authz = memchr(in, TLSEXT_AUTHZDATAFORMAT_dtcp, inlen) != NULL; return 1; } static int authz_tlsext_generate_cb(SSL *s, unsigned short ext_type, const unsigned char **out, unsigned short *outlen, int *al, void *arg) { if (c_auth && client_provided_client_authz && client_provided_server_authz) { /*if auth_require_reneg flag is set, only send extensions if renegotiation has occurred */ if (!c_auth_require_reneg || (c_auth_require_reneg && SSL_num_renegotiations(s))) { *out = auth_ext_data; *outlen = 1; return 1; } } /* no auth extension to send */ return -1; } static int suppdata_cb(SSL *s, unsigned short supp_data_type, const unsigned char *in, unsigned short inlen, int *al, void *arg) { if (supp_data_type == TLSEXT_SUPPLEMENTALDATATYPE_authz_data) { most_recent_supplemental_data = in; most_recent_supplemental_data_length = inlen; } return 1; } static int auth_suppdata_generate_cb(SSL *s, unsigned short supp_data_type, const unsigned char **out, unsigned short *outlen, int *al, void *arg) { if (c_auth && client_provided_client_authz && client_provided_server_authz) { /*if auth_require_reneg flag is set, only send supplemental data if renegotiation has occurred */ if (!c_auth_require_reneg || (c_auth_require_reneg && SSL_num_renegotiations(s))) { generated_supp_data = OPENSSL_malloc(10); memcpy(generated_supp_data, "1234512345", 10); *out = generated_supp_data; *outlen = 10; return 1; } } /* no supplemental data to send */ return -1; } #endif doc/apps/s_client.pod +0 −11 Original line number Diff line number Diff line Loading @@ -48,8 +48,6 @@ B<openssl> B<s_client> [B<-sess_in filename>] [B<-rand file(s)>] [B<-serverinfo types>] [B<-auth>] [B<-auth_require_reneg>] =head1 DESCRIPTION Loading Loading @@ -269,15 +267,6 @@ a list of comma-separated TLS Extension Types (numbers between 0 and The server's response (if any) will be encoded and displayed as a PEM file. =item B<-auth> send RFC 5878 client and server authorization extensions in the Client Hello as well as supplemental data if the server also sent the authorization extensions in the Server Hello. =item B<-auth_require_reneg> only send RFC 5878 client and server authorization extensions during renegotiation. =back =head1 CONNECTED COMMANDS Loading Loading
CHANGES +0 −7 Original line number Diff line number Diff line Loading @@ -23,10 +23,6 @@ MGF1 digest and OAEP label. [Steve Henson] *) Add callbacks supporting generation and retrieval of supplemental data entries. [Scott Deboy <sdeboy@apache.org>, Trevor Perrin and Ben Laurie] *) Add EVP support for key wrapping algorithms, to avoid problems with existing code the flag EVP_CIPHER_CTX_WRAP_ALLOW has to be set in the EVP_CIPHER_CTX or an error is returned. Add AES and DES3 wrap Loading Loading @@ -233,9 +229,6 @@ *) Support for linux-x32, ILP32 environment in x86_64 framework. [Andy Polyakov] *) RFC 5878 (TLS Authorization Extensions) support. [Emilia Kasper, Adam Langley, Ben Laurie (Google)] *) Experimental multi-implementation support for FIPS capable OpenSSL. When in FIPS mode the approved implementations are used as normal, when not in FIPS mode the internal unapproved versions are used instead. Loading
apps/s_cb.c +0 −3 Original line number Diff line number Diff line Loading @@ -880,9 +880,6 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void * case 20: str_details1 = ", Finished"; break; case 23: str_details1 = ", SupplementalData"; break; } } } Loading
apps/s_client.c +0 −121 Original line number Diff line number Diff line Loading @@ -214,8 +214,6 @@ static void sc_usage(void); static void print_stuff(BIO *berr,SSL *con,int full); #ifndef OPENSSL_NO_TLSEXT static int ocsp_resp_cb(SSL *s, void *arg); static int c_auth = 0; static int c_auth_require_reneg = 0; #endif static BIO *bio_c_out=NULL; static BIO *bio_c_msg=NULL; Loading @@ -223,37 +221,6 @@ static int c_quiet=0; static int c_ign_eof=0; static int c_brief=0; #ifndef OPENSSL_NO_TLSEXT static unsigned char *generated_supp_data = NULL; static const unsigned char *most_recent_supplemental_data = NULL; static size_t most_recent_supplemental_data_length = 0; static int server_provided_server_authz = 0; static int server_provided_client_authz = 0; static const unsigned char auth_ext_data[]={TLSEXT_AUTHZDATAFORMAT_dtcp}; static int suppdata_cb(SSL *s, unsigned short supp_data_type, const unsigned char *in, unsigned short inlen, int *al, void *arg); static int auth_suppdata_generate_cb(SSL *s, unsigned short supp_data_type, const unsigned char **out, unsigned short *outlen, int *al, void *arg); static int authz_tlsext_generate_cb(SSL *s, unsigned short ext_type, const unsigned char **out, unsigned short *outlen, int *al, void *arg); static int authz_tlsext_cb(SSL *s, unsigned short ext_type, const unsigned char *in, unsigned short inlen, int *al, void *arg); #endif #ifndef OPENSSL_NO_PSK /* Default PSK identity and key */ static char *psk_identity="Client_identity"; Loading Loading @@ -397,8 +364,6 @@ static void sc_usage(void) BIO_printf(bio_err," -status - request certificate status from server\n"); BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis session tickets\n"); BIO_printf(bio_err," -serverinfo types - send empty ClientHello extensions (comma-separated numbers)\n"); BIO_printf(bio_err," -auth - send and receive RFC 5878 TLS auth extensions and supplemental data\n"); BIO_printf(bio_err," -auth_require_reneg - Do not send TLS auth extensions until renegotiation\n"); #endif # ifndef OPENSSL_NO_NEXTPROTONEG BIO_printf(bio_err," -nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list)\n"); Loading Loading @@ -852,10 +817,6 @@ static char *jpake_secret = NULL; c_tlsextdebug=1; else if (strcmp(*argv,"-status") == 0) c_status_req=1; else if (strcmp(*argv,"-auth") == 0) c_auth = 1; else if (strcmp(*argv,"-auth_require_reneg") == 0) c_auth_require_reneg = 1; #endif #ifdef WATT32 else if (strcmp(*argv,"-wdebug") == 0) Loading Loading @@ -1429,12 +1390,6 @@ bad: } #endif if (c_auth) { SSL_CTX_set_custom_cli_ext(ctx, TLSEXT_TYPE_client_authz, authz_tlsext_generate_cb, authz_tlsext_cb, bio_err); SSL_CTX_set_custom_cli_ext(ctx, TLSEXT_TYPE_server_authz, authz_tlsext_generate_cb, authz_tlsext_cb, bio_err); SSL_CTX_set_cli_supp_data(ctx, TLSEXT_SUPPLEMENTALDATATYPE_authz_data, suppdata_cb, auth_suppdata_generate_cb, bio_err); } #endif con=SSL_new(ctx); Loading Loading @@ -1775,12 +1730,6 @@ SSL_set_tlsext_status_ids(con, ids); "CONNECTION ESTABLISHED\n"); print_ssl_summary(bio_err, con); } /*handshake is complete - free the generated supp data allocated in the callback */ if (generated_supp_data) { OPENSSL_free(generated_supp_data); generated_supp_data = NULL; } print_stuff(bio_c_out,con,full_log); if (full_log > 0) full_log--; Loading Loading @@ -2431,74 +2380,4 @@ static int ocsp_resp_cb(SSL *s, void *arg) return 1; } static int authz_tlsext_cb(SSL *s, unsigned short ext_type, const unsigned char *in, unsigned short inlen, int *al, void *arg) { if (TLSEXT_TYPE_server_authz == ext_type) server_provided_server_authz = (memchr(in, TLSEXT_AUTHZDATAFORMAT_dtcp, inlen) != NULL); if (TLSEXT_TYPE_client_authz == ext_type) server_provided_client_authz = (memchr(in, TLSEXT_AUTHZDATAFORMAT_dtcp, inlen) != NULL); return 1; } static int authz_tlsext_generate_cb(SSL *s, unsigned short ext_type, const unsigned char **out, unsigned short *outlen, int *al, void *arg) { if (c_auth) { /*if auth_require_reneg flag is set, only send extensions if renegotiation has occurred */ if (!c_auth_require_reneg || (c_auth_require_reneg && SSL_num_renegotiations(s))) { *out = auth_ext_data; *outlen = 1; return 1; } } /* no auth extension to send */ return -1; } static int suppdata_cb(SSL *s, unsigned short supp_data_type, const unsigned char *in, unsigned short inlen, int *al, void *arg) { if (supp_data_type == TLSEXT_SUPPLEMENTALDATATYPE_authz_data) { most_recent_supplemental_data = in; most_recent_supplemental_data_length = inlen; } return 1; } static int auth_suppdata_generate_cb(SSL *s, unsigned short supp_data_type, const unsigned char **out, unsigned short *outlen, int *al, void *arg) { if (c_auth && server_provided_client_authz && server_provided_server_authz) { /*if auth_require_reneg flag is set, only send supplemental data if renegotiation has occurred */ if (!c_auth_require_reneg || (c_auth_require_reneg && SSL_num_renegotiations(s))) { generated_supp_data = OPENSSL_malloc(10); memcpy(generated_supp_data, "5432154321", 10); *out = generated_supp_data; *outlen = 10; return 1; } } /* no supplemental data to send */ return -1; } #endif
apps/s_server.c +0 −127 Original line number Diff line number Diff line Loading @@ -224,20 +224,6 @@ static DH *get_dh512(void); static void s_server_init(void); #endif #ifndef OPENSSL_NO_TLSEXT static const unsigned char auth_ext_data[]={TLSEXT_AUTHZDATAFORMAT_dtcp}; static unsigned char *generated_supp_data = NULL; static const unsigned char *most_recent_supplemental_data = NULL; static size_t most_recent_supplemental_data_length = 0; static int client_provided_server_authz = 0; static int client_provided_client_authz = 0; #endif #ifndef OPENSSL_NO_DH static unsigned char dh512_p[]={ 0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75, Loading Loading @@ -329,29 +315,9 @@ static int cert_chain = 0; #endif #ifndef OPENSSL_NO_TLSEXT static int suppdata_cb(SSL *s, unsigned short supp_data_type, const unsigned char *in, unsigned short inlen, int *al, void *arg); static int auth_suppdata_generate_cb(SSL *s, unsigned short supp_data_type, const unsigned char **out, unsigned short *outlen, int *al, void *arg); static int authz_tlsext_generate_cb(SSL *s, unsigned short ext_type, const unsigned char **out, unsigned short *outlen, int *al, void *arg); static int authz_tlsext_cb(SSL *s, unsigned short ext_type, const unsigned char *in, unsigned short inlen, int *al, void *arg); static BIO *serverinfo_in = NULL; static const char *s_serverinfo_file = NULL; static int c_auth = 0; static int c_auth_require_reneg = 0; #endif #ifndef OPENSSL_NO_PSK Loading Loading @@ -1172,15 +1138,7 @@ int MAIN(int argc, char *argv[]) if (--argc < 1) goto bad; s_serverinfo_file = *(++argv); } else if (strcmp(*argv,"-auth") == 0) { c_auth = 1; } #endif else if (strcmp(*argv,"-auth_require_reneg") == 0) { c_auth_require_reneg = 1; } else if (strcmp(*argv,"-certform") == 0) { if (--argc < 1) goto bad; Loading Loading @@ -1965,12 +1923,6 @@ bad: ERR_print_errors(bio_err); goto end; } if (c_auth) { SSL_CTX_set_custom_srv_ext(ctx, TLSEXT_TYPE_client_authz, authz_tlsext_cb, authz_tlsext_generate_cb, bio_err); SSL_CTX_set_custom_srv_ext(ctx, TLSEXT_TYPE_server_authz, authz_tlsext_cb, authz_tlsext_generate_cb, bio_err); SSL_CTX_set_srv_supp_data(ctx, TLSEXT_SUPPLEMENTALDATATYPE_authz_data, auth_suppdata_generate_cb, suppdata_cb, bio_err); } #endif #ifndef OPENSSL_NO_TLSEXT if (ctx2 && !set_cert_key_stuff(ctx2,s_cert2,s_key2, NULL, build_chain)) Loading Loading @@ -2671,12 +2623,6 @@ static int init_ssl_connection(SSL *con) i=SSL_accept(con); } #endif /*handshake is complete - free the generated supp data allocated in the callback */ if (generated_supp_data) { OPENSSL_free(generated_supp_data); generated_supp_data = NULL; } if (i <= 0) { Loading Loading @@ -3542,76 +3488,3 @@ static void free_sessions(void) first = NULL; } #ifndef OPENSSL_NO_TLSEXT static int authz_tlsext_cb(SSL *s, unsigned short ext_type, const unsigned char *in, unsigned short inlen, int *al, void *arg) { if (TLSEXT_TYPE_server_authz == ext_type) client_provided_server_authz = memchr(in, TLSEXT_AUTHZDATAFORMAT_dtcp, inlen) != NULL; if (TLSEXT_TYPE_client_authz == ext_type) client_provided_client_authz = memchr(in, TLSEXT_AUTHZDATAFORMAT_dtcp, inlen) != NULL; return 1; } static int authz_tlsext_generate_cb(SSL *s, unsigned short ext_type, const unsigned char **out, unsigned short *outlen, int *al, void *arg) { if (c_auth && client_provided_client_authz && client_provided_server_authz) { /*if auth_require_reneg flag is set, only send extensions if renegotiation has occurred */ if (!c_auth_require_reneg || (c_auth_require_reneg && SSL_num_renegotiations(s))) { *out = auth_ext_data; *outlen = 1; return 1; } } /* no auth extension to send */ return -1; } static int suppdata_cb(SSL *s, unsigned short supp_data_type, const unsigned char *in, unsigned short inlen, int *al, void *arg) { if (supp_data_type == TLSEXT_SUPPLEMENTALDATATYPE_authz_data) { most_recent_supplemental_data = in; most_recent_supplemental_data_length = inlen; } return 1; } static int auth_suppdata_generate_cb(SSL *s, unsigned short supp_data_type, const unsigned char **out, unsigned short *outlen, int *al, void *arg) { if (c_auth && client_provided_client_authz && client_provided_server_authz) { /*if auth_require_reneg flag is set, only send supplemental data if renegotiation has occurred */ if (!c_auth_require_reneg || (c_auth_require_reneg && SSL_num_renegotiations(s))) { generated_supp_data = OPENSSL_malloc(10); memcpy(generated_supp_data, "1234512345", 10); *out = generated_supp_data; *outlen = 10; return 1; } } /* no supplemental data to send */ return -1; } #endif
doc/apps/s_client.pod +0 −11 Original line number Diff line number Diff line Loading @@ -48,8 +48,6 @@ B<openssl> B<s_client> [B<-sess_in filename>] [B<-rand file(s)>] [B<-serverinfo types>] [B<-auth>] [B<-auth_require_reneg>] =head1 DESCRIPTION Loading Loading @@ -269,15 +267,6 @@ a list of comma-separated TLS Extension Types (numbers between 0 and The server's response (if any) will be encoded and displayed as a PEM file. =item B<-auth> send RFC 5878 client and server authorization extensions in the Client Hello as well as supplemental data if the server also sent the authorization extensions in the Server Hello. =item B<-auth_require_reneg> only send RFC 5878 client and server authorization extensions during renegotiation. =back =head1 CONNECTED COMMANDS Loading
