Loading CHANGES +5 −0 Original line number Diff line number Diff line Loading @@ -863,6 +863,11 @@ Changes between 0.9.8l (?) and 0.9.8m (?) [xx XXX xxxx] *) Add ctrl macro SSL_get_secure_renegotiation_support() which returns 1 if peer supports secure renegotiation and 0 otherwise. Print out peer renegotiation support in s_client/s_server. [Steve Henson] *) Replace the highly broken and deprecated SPKAC certification method with the updated NID creation version. This should correctly handle UTF8. [Steve Henson] Loading apps/s_client.c +2 −0 Original line number Diff line number Diff line Loading @@ -1730,6 +1730,8 @@ static void print_stuff(BIO *bio, SSL *s, int full) EVP_PKEY_bits(pktmp)); EVP_PKEY_free(pktmp); } BIO_printf(bio, "Secure Renegotiation IS%s supported\n", SSL_get_secure_renegotiation_support(s) ? "" : " NOT"); #ifndef OPENSSL_NO_COMP comp=SSL_get_current_compression(s); expansion=SSL_get_current_expansion(s); Loading apps/s_server.c +2 −0 Original line number Diff line number Diff line Loading @@ -2215,6 +2215,8 @@ static int init_ssl_connection(SSL *con) con->kssl_ctx->client_princ); } #endif /* OPENSSL_NO_KRB5 */ BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n", SSL_get_secure_renegotiation_support(con) ? "" : " NOT"); return(1); } Loading ssl/ssl.h +4 −0 Original line number Diff line number Diff line Loading @@ -625,6 +625,8 @@ typedef struct ssl_session_st #define SSL_set_mtu(ssl, mtu) \ SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL) #define SSL_get_secure_renegotiation_support(ssl) \ SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL) void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); Loading Loading @@ -1374,6 +1376,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) #define SSL_CTRL_SET_MAX_SEND_FRAGMENT 52 #define SSL_CTRL_GET_RI_SUPPORT 53 /* see tls1.h for macros based on these */ #ifndef OPENSSL_NO_TLSEXT #define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53 Loading ssl/ssl_lib.c +4 −0 Original line number Diff line number Diff line Loading @@ -1062,6 +1062,10 @@ long SSL_ctrl(SSL *s,int cmd,long larg,void *parg) return 0; s->max_send_fragment = larg; return 1; case SSL_CTRL_GET_RI_SUPPORT: if (s->s3) return s->s3->send_connection_binding; else return 0; default: return(s->method->ssl_ctrl(s,cmd,larg,parg)); } Loading Loading
CHANGES +5 −0 Original line number Diff line number Diff line Loading @@ -863,6 +863,11 @@ Changes between 0.9.8l (?) and 0.9.8m (?) [xx XXX xxxx] *) Add ctrl macro SSL_get_secure_renegotiation_support() which returns 1 if peer supports secure renegotiation and 0 otherwise. Print out peer renegotiation support in s_client/s_server. [Steve Henson] *) Replace the highly broken and deprecated SPKAC certification method with the updated NID creation version. This should correctly handle UTF8. [Steve Henson] Loading
apps/s_client.c +2 −0 Original line number Diff line number Diff line Loading @@ -1730,6 +1730,8 @@ static void print_stuff(BIO *bio, SSL *s, int full) EVP_PKEY_bits(pktmp)); EVP_PKEY_free(pktmp); } BIO_printf(bio, "Secure Renegotiation IS%s supported\n", SSL_get_secure_renegotiation_support(s) ? "" : " NOT"); #ifndef OPENSSL_NO_COMP comp=SSL_get_current_compression(s); expansion=SSL_get_current_expansion(s); Loading
apps/s_server.c +2 −0 Original line number Diff line number Diff line Loading @@ -2215,6 +2215,8 @@ static int init_ssl_connection(SSL *con) con->kssl_ctx->client_princ); } #endif /* OPENSSL_NO_KRB5 */ BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n", SSL_get_secure_renegotiation_support(con) ? "" : " NOT"); return(1); } Loading
ssl/ssl.h +4 −0 Original line number Diff line number Diff line Loading @@ -625,6 +625,8 @@ typedef struct ssl_session_st #define SSL_set_mtu(ssl, mtu) \ SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL) #define SSL_get_secure_renegotiation_support(ssl) \ SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL) void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); Loading Loading @@ -1374,6 +1376,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) #define SSL_CTRL_SET_MAX_SEND_FRAGMENT 52 #define SSL_CTRL_GET_RI_SUPPORT 53 /* see tls1.h for macros based on these */ #ifndef OPENSSL_NO_TLSEXT #define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53 Loading
ssl/ssl_lib.c +4 −0 Original line number Diff line number Diff line Loading @@ -1062,6 +1062,10 @@ long SSL_ctrl(SSL *s,int cmd,long larg,void *parg) return 0; s->max_send_fragment = larg; return 1; case SSL_CTRL_GET_RI_SUPPORT: if (s->s3) return s->s3->send_connection_binding; else return 0; default: return(s->method->ssl_ctrl(s,cmd,larg,parg)); } Loading
