Loading CHANGES +2 −2 Original line number Diff line number Diff line Loading @@ -25,8 +25,6 @@ SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG - SSL_CTX_set_tlsext_servername_arg() SSL_CTRL_SET_TLSEXT_HOSTNAME - SSL_set_tlsext_hostname() SSL_CTRL_SET_TLSEXT_SERVERNAME_DONE - SSL_set_tlsext_servername_done() openssl s_client has a new '-servername' option. Loading @@ -34,6 +32,8 @@ (subject to change); this allows testing the HostName extension for a specific single host name ('-cert' and '-key' remain fallbacks for handshakes without HostName negotiation). The option servername_warn allows to return a warning alert instead of a fatal alert in case of servername mismatch. [Peter Sylvester, Remy Allais, Christophe Renou] Loading apps/s_client.c +1 −1 Original line number Diff line number Diff line Loading @@ -647,7 +647,7 @@ bad: #ifndef OPENSSL_NO_TLSEXT if (servername != NULL) { if (!SSL_set_tlsext_hostname(con,servername)) if (!SSL_set_tlsext_host_name(con,servername)) { BIO_printf(bio_err,"Unable to set TLS servername extension.\n"); ERR_print_errors(bio_err); Loading apps/s_server.c +10 −7 Original line number Diff line number Diff line Loading @@ -367,6 +367,7 @@ static void sv_usage(void) BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); #ifndef OPENSSL_NO_TLSEXT BIO_printf(bio_err," -servername host - servername for HostName TLS extension\n"); BIO_printf(bio_err," -servername_warn - on mismatch send warning (default fatal alert)\n"); BIO_printf(bio_err," -cert2 arg - certificate file to use for servername\n"); BIO_printf(bio_err," (default is %s)\n",TEST_CERT2); BIO_printf(bio_err," -key2 arg - Private Key file to use for servername, in cert file if\n"); Loading Loading @@ -533,6 +534,7 @@ static int ebcdic_puts(BIO *bp, const char *str) typedef struct tlsextctx_st { char * servername; BIO * biodebug; int servername_warn; } tlsextctx; Loading 
@@ -544,18 +546,16 @@ static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg) BIO_printf(p->biodebug,"Hostname in TLS extension: \"%s\"\n",servername); if (!p->servername) { SSL_set_tlsext_servername_done(s,2); return 1; } if (servername) { if (strcmp(servername,p->servername)) return 0; if (ctx2) return p->servername_warn; if (ctx2) { BIO_printf(p->biodebug,"Swiching server context.\n"); SSL_set_SSL_CTX(s,ctx2); SSL_set_tlsext_servername_done(s,1); } } return 1; } Loading Loading @@ -597,7 +597,7 @@ int MAIN(int argc, char *argv[]) #endif #ifndef OPENSSL_NO_TLSEXT tlsextctx tlsextcbp = {NULL, NULL}; tlsextctx tlsextcbp = {NULL, NULL, -1}; #endif #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) meth=SSLv23_server_method(); Loading Loading @@ -846,6 +846,8 @@ int MAIN(int argc, char *argv[]) if (--argc < 1) goto bad; tlsextcbp.servername= *(++argv); } else if (strcmp(*argv,"-servername_warn") == 0) { tlsextcbp.servername_warn = 0; } else if (strcmp(*argv,"-cert2") == 0) { if (--argc < 1) goto bad; Loading Loading @@ -1553,6 +1555,7 @@ static int sv_body(char *hostname, int s, unsigned char *context) ret= -11;*/ goto err; } if ((buf[0] == 'r') && ((buf[1] == '\n') || (buf[1] == '\r'))) { Loading crypto/ec/ec_err.c +0 −1 Original line number Diff line number Diff line Loading @@ -131,7 +131,6 @@ static ERR_STRING_DATA EC_str_functs[]= {ERR_FUNC(EC_F_EC_GROUP_GET_ORDER), "EC_GROUP_get_order"}, {ERR_FUNC(EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS), "EC_GROUP_get_pentanomial_basis"}, {ERR_FUNC(EC_F_EC_GROUP_GET_TRINOMIAL_BASIS), "EC_GROUP_get_trinomial_basis"}, {ERR_FUNC(EC_F_EC_GROUP_GROUP2NID), "EC_GROUP_GROUP2NID"}, {ERR_FUNC(EC_F_EC_GROUP_NEW), "EC_GROUP_new"}, {ERR_FUNC(EC_F_EC_GROUP_NEW_BY_CURVE_NAME), "EC_GROUP_new_by_curve_name"}, {ERR_FUNC(EC_F_EC_GROUP_NEW_FROM_DATA), "EC_GROUP_NEW_FROM_DATA"}, Loading ssl/s3_lib.c +1 −4 Original line number Diff line number Diff line Loading 
@@ -1654,7 +1654,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) ret = 1; if (parg == NULL) break; if (strlen((char *)parg) > 255) if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name) { SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME); return 0; Loading @@ -1672,9 +1672,6 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) } s->options |= SSL_OP_NO_SSLv2; /* can't use extension w/ SSL 2.0 format */ break; case SSL_CTRL_SET_TLSEXT_SERVERNAME_DONE: s->servername_done = larg; break; #endif /* !OPENSSL_NO_TLSEXT */ default: break; Loading Loading
CHANGES +2 −2 @@ -25,8 +25,6 @@ SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG - SSL_CTX_set_tlsext_servername_arg() SSL_CTRL_SET_TLSEXT_HOSTNAME - SSL_set_tlsext_hostname() SSL_CTRL_SET_TLSEXT_SERVERNAME_DONE - SSL_set_tlsext_servername_done() openssl s_client has a new '-servername' option. @@ -34,6 +32,8 @@ (subject to change); this allows testing the HostName extension for a specific single host name ('-cert' and '-key' remain fallbacks for handshakes without HostName negotiation). The option servername_warn allows to return a warning alert instead of a fatal alert in case of servername mismatch. [Peter Sylvester, Remy Allais, Christophe Renou]
apps/s_client.c +1 −1 @@ -647,7 +647,7 @@ bad: #ifndef OPENSSL_NO_TLSEXT if (servername != NULL) { if (!SSL_set_tlsext_hostname(con,servername)) if (!SSL_set_tlsext_host_name(con,servername)) { BIO_printf(bio_err,"Unable to set TLS servername extension.\n"); ERR_print_errors(bio_err);
apps/s_server.c +10 −7 @@ -367,6 +367,7 @@ static void sv_usage(void) BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); #ifndef OPENSSL_NO_TLSEXT BIO_printf(bio_err," -servername host - servername for HostName TLS extension\n"); BIO_printf(bio_err," -servername_warn - on mismatch send warning (default fatal alert)\n"); BIO_printf(bio_err," -cert2 arg - certificate file to use for servername\n"); BIO_printf(bio_err," (default is %s)\n",TEST_CERT2); BIO_printf(bio_err," -key2 arg - Private Key file to use for servername, in cert file if\n"); @@ -533,6 +534,7 @@ static int ebcdic_puts(BIO *bp, const char *str) typedef struct tlsextctx_st { char * servername; BIO * biodebug; int servername_warn; } tlsextctx; @@ -544,18 +546,16 @@ static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg) BIO_printf(p->biodebug,"Hostname in TLS extension: \"%s\"\n",servername); if (!p->servername) { SSL_set_tlsext_servername_done(s,2); return 1; } if (servername) { if (strcmp(servername,p->servername)) return 0; if (ctx2) return p->servername_warn; if (ctx2) { BIO_printf(p->biodebug,"Swiching server context.\n"); SSL_set_SSL_CTX(s,ctx2); SSL_set_tlsext_servername_done(s,1); } } return 1; } @@ -597,7 +597,7 @@ int MAIN(int argc, char *argv[]) #endif #ifndef OPENSSL_NO_TLSEXT tlsextctx tlsextcbp = {NULL, NULL}; tlsextctx tlsextcbp = {NULL, NULL, -1}; #endif #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) meth=SSLv23_server_method(); @@ -846,6 +846,8 @@ int MAIN(int argc, char *argv[]) if (--argc < 1) goto bad; tlsextcbp.servername= *(++argv); } else if (strcmp(*argv,"-servername_warn") == 0) { tlsextcbp.servername_warn = 0; } else if (strcmp(*argv,"-cert2") == 0) { if (--argc < 1) goto bad;
@@ -1553,6 +1555,7 @@ static int sv_body(char *hostname, int s, unsigned char *context) ret= -11;*/ goto err; } if ((buf[0] == 'r') && ((buf[1] == '\n') || (buf[1] == '\r'))) {
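Review bot: The new `servername_warn` member stores the callback's raw return value rather than a flag: `tlsextcbp` initialises it to `-1`, `-servername_warn` sets it to `0`, and `ssl_servername_cb` returns it unchanged on a name mismatch, so the field means "warn" exactly when it is zero. Going by the usage text, -1 presumably selects the fatal alert and 0 the warning; I would record that at the struct member, e.g. `int servername_warn; /* returned by ssl_servername_cb on mismatch: -1 = fatal alert (default), 0 = warning alert */`, or introduce named constants for the two values. The callback does not write `*ad` in the visible lines (its body starts outside the hunk), so the alert description appears to be left to the library, which is worth confirming. On the warning path the function returns before `SSL_set_SSL_CTX(s,ctx2)`, so the handshake presumably continues in the default context with the first certificate; the `-servername_warn` usage line should say so, since a client that ignores the warning ends up talking to a host it did not ask for.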
crypto/ec/ec_err.c +0 −1 @@ -131,7 +131,6 @@ static ERR_STRING_DATA EC_str_functs[]= {ERR_FUNC(EC_F_EC_GROUP_GET_ORDER), "EC_GROUP_get_order"}, {ERR_FUNC(EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS), "EC_GROUP_get_pentanomial_basis"}, {ERR_FUNC(EC_F_EC_GROUP_GET_TRINOMIAL_BASIS), "EC_GROUP_get_trinomial_basis"}, {ERR_FUNC(EC_F_EC_GROUP_GROUP2NID), "EC_GROUP_GROUP2NID"}, {ERR_FUNC(EC_F_EC_GROUP_NEW), "EC_GROUP_new"}, {ERR_FUNC(EC_F_EC_GROUP_NEW_BY_CURVE_NAME), "EC_GROUP_new_by_curve_name"}, {ERR_FUNC(EC_F_EC_GROUP_NEW_FROM_DATA), "EC_GROUP_NEW_FROM_DATA"},
ssl/s3_lib.c +1 −4 @@ -1654,7 +1654,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) ret = 1; if (parg == NULL) break; if (strlen((char *)parg) > 255) if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name) { SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME); return 0; @@ -1672,9 +1672,6 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) } s->options |= SSL_OP_NO_SSLv2; /* can't use extension w/ SSL 2.0 format */ break; case SSL_CTRL_SET_TLSEXT_SERVERNAME_DONE: s->servername_done = larg; break; #endif /* !OPENSSL_NO_TLSEXT */ default: break;