Loading CHANGES +13 −0 Original line number Diff line number Diff line Loading @@ -4,6 +4,19 @@ Changes between 0.9.8a and 0.9.9 [xx XXX xxxx] *) Add support for TLS extensions, specifically for the HostName extension. The SSL_SESSION, SSL_CTX, and SSL data structures now have new members for HostName support. openssl s_client has a new '-servername' option. openssl s_server has new options '-servername', '-cert2', and '-key2'; this allows testing the HostName extension for a specific single host name ('-cert' and '-key' remain fallbacks for handshakes without HostName negotiation). [Peter Sylvester] *) Whirlpool hash implementation is added. [Andy Polyakov] Loading apps/s_client.c +24 −19 Original line number Diff line number Diff line Loading @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ /* ==================================================================== * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions Loading Loading @@ -236,7 +236,8 @@ typedef struct tlsextctx_st { } tlsextctx; static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg) { static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg) { tlsextctx * p = (tlsextctx *) arg; const unsigned char * hn= SSL_get_servername(s, TLSEXT_TYPE_SERVER_host); if (SSL_get_servername_type(s) != -1) Loading Loading @@ -277,7 +278,7 @@ int MAIN(int argc, char **argv) int starttls_proto = 0; int prexit = 0, vflags = 0; const SSL_METHOD *meth=NULL; int socketType=SOCK_STREAM; int socket_type=SOCK_STREAM; BIO *sbio; char *inrand=NULL; #ifndef OPENSSL_NO_ENGINE Loading 
@@ -296,7 +297,7 @@ int MAIN(int argc, char **argv) struct sockaddr peer; int peerlen = sizeof(peer); int enable_timeouts = 0 ; long mtu = 0; long socket_mtu = 0; #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) meth=SSLv23_client_method(); Loading Loading @@ -419,14 +420,14 @@ int MAIN(int argc, char **argv) else if (strcmp(*argv,"-dtls1") == 0) { meth=DTLSv1_client_method(); socketType=SOCK_DGRAM; socket_type=SOCK_DGRAM; } else if (strcmp(*argv,"-timeout") == 0) enable_timeouts=1; else if (strcmp(*argv,"-mtu") == 0) { if (--argc < 1) goto bad; mtu = atol(*(++argv)); socket_mtu = atol(*(++argv)); } #endif else if (strcmp(*argv,"-bugs") == 0) Loading Loading @@ -605,7 +606,7 @@ bad: /* DTLS: partial reads end up discarding unread UDP bytes :-( * Setting read ahead solves this problem. */ if (socketType == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1); if (socket_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1); if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback); if (cipher != NULL) Loading Loading @@ -634,7 +635,8 @@ bad: store = SSL_CTX_get_cert_store(ctx); X509_STORE_set_flags(store, vflags); #ifndef OPENSSL_NO_TLSEXT if (servername != NULL) { if (servername != NULL) { tlsextcbp.biodebug = bio_err; SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb); SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp); Loading @@ -643,8 +645,10 @@ bad: con=SSL_new(ctx); #ifndef OPENSSL_NO_TLSEXT if (servername != NULL){ if (!SSL_set_tlsext_hostname(con,servername)){ if (servername != NULL) { if (!SSL_set_tlsext_hostname(con,servername)) { BIO_printf(bio_err,"Unable to set TLS servername extension.\n"); ERR_print_errors(bio_err); goto end; Loading @@ -661,7 +665,7 @@ bad: re_start: if (init_client(&s,host,port,socketType) == 0) if (init_client(&s,host,port,socket_type) == 0) { BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error()); SHUTDOWN(s); Loading Loading 
@@ -709,10 +713,10 @@ re_start: BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout); } if ( mtu > 0) if (socket_mtu > 0) { SSL_set_options(con, SSL_OP_NO_QUERY_MTU); SSL_set_mtu(con, mtu); SSL_set_mtu(con, socket_mtu); } else /* want to do MTU discovery */ Loading Loading @@ -791,7 +795,8 @@ re_start: { in_init=0; #ifndef OPENSSL_NO_TLSEXT if (servername != NULL && !SSL_session_reused(con)) { if (servername != NULL && !SSL_session_reused(con)) { BIO_printf(bio_c_out,"Server did %sacknowledge servername extension.\n",tlsextcbp.ack?"":"not "); } #endif Loading apps/s_server.c +91 −82 Original line number Diff line number Diff line Loading @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ /* ==================================================================== * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions Loading Loading @@ -260,7 +260,7 @@ static char *engine_id=NULL; static const char *session_id_prefix=NULL; static int enable_timeouts = 0; static long socketMtu; static long socket_mtu; static int cert_chain = 0; Loading Loading 
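Review bot: In the @@ -236 hunk the reformatted `ssl_servername_cb` stores `SSL_get_servername(s, TLSEXT_TYPE_SERVER_host)` in `const unsigned char * hn`, while the sibling callback in apps/s_server.c (same commit) stores the same call in a `const char * servername`; one of the two is a pointer-signedness mismatch that `-Wpointer-sign` will flag, and since this commit already touches the line it is the place to make the two agree, e.g. `const char *hn = SSL_get_servername(s, TLSEXT_TYPE_SERVER_host);`. The rest of the callback, including where `hn` is used, is outside the hunk. In the @@ -419 hunk the renamed `socket_mtu = atol(*(++argv));` still accepts non-numeric input silently (it becomes 0 and falls through to MTU discovery); `strtol` with an end-pointer check would make a typo in `-mtu` an error instead.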
@@ -366,12 +366,11 @@ static void sv_usage(void) BIO_printf(bio_err," -id_prefix arg - Generate SSL/TLS session IDs prefixed by 'arg'\n"); BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); #ifndef OPENSSL_NO_TLSEXT BIO_printf(bio_err," -servername host - check TLS1 servername\n"); BIO_printf(bio_err," -servername host - servername for HostName TLS extension\n"); BIO_printf(bio_err," -cert2 arg - certificate file to use for servername\n"); BIO_printf(bio_err," (default is %s)\n",TEST_CERT2); BIO_printf(bio_err," -key2 arg - Private Key file to use for servername, in cert file if\n"); BIO_printf(bio_err," not specified (default is %s)\n",TEST_CERT2); BIO_printf(bio_err," -servername host - check TLS1 servername\n"); #endif } Loading Loading @@ -537,18 +536,21 @@ typedef struct tlsextctx_st { } tlsextctx; static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg) { static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg) { tlsextctx * p = (tlsextctx *) arg; const char * servername = SSL_get_servername(s, TLSEXT_TYPE_SERVER_host); if (servername) BIO_printf(p->biodebug,"Hostname in TLS extension: \"%s\"\n",servername); if (!p->servername) { if (!p->servername) { SSL_set_tlsext_servername_done(s,2); return SSL_ERROR_NONE; } if (servername) { if (servername) { if (strcmp(servername,p->servername)) return TLS1_AD_UNRECOGNIZED_NAME; if (ctx2) Loading Loading @@ -578,7 +580,7 @@ int MAIN(int argc, char *argv[]) int no_tmp_rsa=0,no_dhe=0,no_ecdhe=0,nocert=0; int state=0; const SSL_METHOD *meth=NULL; int socketType=SOCK_STREAM; int socket_type=SOCK_STREAM; #ifndef OPENSSL_NO_ENGINE ENGINE *e=NULL; #endif Loading @@ -595,9 +597,7 @@ int MAIN(int argc, char *argv[]) #endif #ifndef OPENSSL_NO_TLSEXT tlsextctx tlsextcbp = {NULL,NULL }; tlsextctx tlsextcbp = {NULL, NULL}; #endif #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) meth=SSLv23_server_method(); Loading Loading 
@@ -811,14 +811,14 @@ int MAIN(int argc, char *argv[]) else if (strcmp(*argv,"-dtls1") == 0) { meth=DTLSv1_server_method(); socketType = SOCK_DGRAM; socket_type = SOCK_DGRAM; } else if (strcmp(*argv,"-timeout") == 0) enable_timeouts = 1; else if (strcmp(*argv,"-mtu") == 0) { if (--argc < 1) goto bad; socketMtu = atol(*(++argv)); socket_mtu = atol(*(++argv)); } else if (strcmp(*argv, "-chain") == 0) cert_chain = 1; Loading Loading @@ -1029,7 +1029,7 @@ bad: /* DTLS: partial reads end up discarding unread UDP bytes :-( * Setting read ahead solves this problem. */ if (socketType == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1); if (socket_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1); if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback); Loading Loading @@ -1058,7 +1058,8 @@ bad: X509_STORE_set_flags(store, vflags); #ifndef OPENSSL_NO_TLSEXT if (s_cert2) { if (s_cert2) { ctx2=SSL_CTX_new(meth); if (ctx2 == NULL) { Loading @@ -1067,8 +1068,10 @@ bad: } } if (ctx2) { if (ctx2) { BIO_printf(bio_s_out,"Setting secondary ctx parameters\n"); if (session_id_prefix) { if(strlen(session_id_prefix) >= 32) Loading @@ -1092,7 +1095,7 @@ bad: /* DTLS: partial reads end up discarding unread UDP bytes :-( * Setting read ahead solves this problem. */ if (socketType == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx2, 1); if (socket_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx2, 1); if (state) SSL_CTX_set_info_callback(ctx2,apps_ssl_info_callback); Loading @@ -1105,9 +1108,9 @@ bad: } store = SSL_CTX_get_cert_store(ctx2); X509_STORE_set_flags(store, vflags); } #endif #ifndef OPENSSL_NO_DH if (!no_dhe) { Loading @@ -1131,8 +1134,10 @@ bad: SSL_CTX_set_tmp_dh(ctx,dh); #ifndef OPENSSL_NO_TLSEXT if (ctx2) { if (!dhfile) { if (ctx2) { if (!dhfile) { DH *dh2=load_dh_param(s_cert_file2); if (dh2 != NULL) { Loading Loading 
@@ -1213,7 +1218,8 @@ bad: #ifndef OPENSSL_NO_RSA #if 1 if (!no_tmp_rsa) { if (!no_tmp_rsa) { SSL_CTX_set_tmp_rsa_callback(ctx,tmp_rsa_cb); #ifndef OPENSSL_NO_TLSEXT if (ctx2) Loading @@ -1236,7 +1242,8 @@ bad: goto end; } #ifndef OPENSSL_NO_TLSEXT if (ctx2) { if (ctx2) { if (!SSL_CTX_set_tmp_rsa(ctx2,rsa)) { ERR_print_errors(bio_err); Loading @@ -1257,7 +1264,8 @@ bad: goto end; } #ifndef OPENSSL_NO_TLSEXT if (ctx2 && !SSL_CTX_set_cipher_list(ctx2,cipher)) { if (ctx2 && !SSL_CTX_set_cipher_list(ctx2,cipher)) { BIO_printf(bio_err,"error setting cipher list\n"); ERR_print_errors(bio_err); goto end; Loading @@ -1269,7 +1277,8 @@ bad: sizeof s_server_session_id_context); #ifndef OPENSSL_NO_TLSEXT if (ctx2) { if (ctx2) { SSL_CTX_set_verify(ctx2,s_server_verify,verify_callback); SSL_CTX_set_session_id_context(ctx2,(void*)&s_server_session_id_context, sizeof s_server_session_id_context); Loading @@ -1281,7 +1290,8 @@ bad: SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb); SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp); #endif if (CAfile != NULL) { if (CAfile != NULL) { SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile)); #ifndef OPENSSL_NO_TLSEXT if (ctx2) Loading @@ -1291,9 +1301,9 @@ bad: BIO_printf(bio_s_out,"ACCEPT\n"); if (www) do_server(port,socketType,&accept_socket,www_body, context); do_server(port,socket_type,&accept_socket,www_body, context); else do_server(port,socketType,&accept_socket,sv_body, context); do_server(port,socket_type,&accept_socket,sv_body, context); print_stats(bio_s_out,ctx); ret=0; end: Loading Loading @@ -1415,11 +1425,10 @@ static int sv_body(char *hostname, int s, unsigned char *context) BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout); } if ( socketMtu > 0) if (socket_mtu > 0) { SSL_set_options(con, SSL_OP_NO_QUERY_MTU); SSL_set_mtu(con, socketMtu); SSL_set_mtu(con, socket_mtu); } else /* want to do MTU discovery */ Loading Loading
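Review bot: In the @@ -537 hunk `servername` is the name taken from the peer's ClientHello, and the reformatted callback prints it straight into the debug BIO with `"Hostname in TLS extension: \"%s\"\n"`; as far as this hunk shows nothing filters the bytes, so a client can put control or escape bytes into the operator's terminal log, which is worth a comment at the print, e.g. `/* servername is peer-supplied and printed verbatim; may contain non-printable bytes */`. The match a few lines later, `if (strcmp(servername,p->servername)) return TLS1_AD_UNRECOGNIZED_NAME;`, is case-sensitive while DNS names are not, so a client sending a differently-cased name for the configured host is rejected; if that is intended for a test tool it deserves a comment, otherwise a case-insensitive compare would be the usual choice. The callback continues past the `if (ctx2)` line outside the hunk.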
CHANGES +13 −0 Original line number Diff line number Diff line Loading @@ -4,6 +4,19 @@ Changes between 0.9.8a and 0.9.9 [xx XXX xxxx] *) Add support for TLS extensions, specifically for the HostName extension. The SSL_SESSION, SSL_CTX, and SSL data structures now have new members for HostName support. openssl s_client has a new '-servername' option. openssl s_server has new options '-servername', '-cert2', and '-key2'; this allows testing the HostName extension for a specific single host name ('-cert' and '-key' remain fallbacks for handshakes without HostName negotiation). [Peter Sylvester] *) Whirlpool hash implementation is added. [Andy Polyakov] Loading
apps/s_client.c +24 −19 Original line number Diff line number Diff line Loading @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ /* ==================================================================== * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions Loading Loading @@ -236,7 +236,8 @@ typedef struct tlsextctx_st { } tlsextctx; static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg) { static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg) { tlsextctx * p = (tlsextctx *) arg; const unsigned char * hn= SSL_get_servername(s, TLSEXT_TYPE_SERVER_host); if (SSL_get_servername_type(s) != -1) Loading Loading @@ -277,7 +278,7 @@ int MAIN(int argc, char **argv) int starttls_proto = 0; int prexit = 0, vflags = 0; const SSL_METHOD *meth=NULL; int socketType=SOCK_STREAM; int socket_type=SOCK_STREAM; BIO *sbio; char *inrand=NULL; #ifndef OPENSSL_NO_ENGINE Loading @@ -296,7 +297,7 @@ int MAIN(int argc, char **argv) struct sockaddr peer; int peerlen = sizeof(peer); int enable_timeouts = 0 ; long mtu = 0; long socket_mtu = 0; #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) meth=SSLv23_client_method(); Loading Loading @@ -419,14 +420,14 @@ int MAIN(int argc, char **argv) else if (strcmp(*argv,"-dtls1") == 0) { meth=DTLSv1_client_method(); socketType=SOCK_DGRAM; socket_type=SOCK_DGRAM; } else if (strcmp(*argv,"-timeout") == 0) enable_timeouts=1; else if (strcmp(*argv,"-mtu") == 0) { if (--argc < 1) goto bad; mtu = atol(*(++argv)); socket_mtu = atol(*(++argv)); } #endif else if (strcmp(*argv,"-bugs") == 0) Loading Loading 
@@ -605,7 +606,7 @@ bad: /* DTLS: partial reads end up discarding unread UDP bytes :-( * Setting read ahead solves this problem. */ if (socketType == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1); if (socket_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1); if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback); if (cipher != NULL) Loading Loading @@ -634,7 +635,8 @@ bad: store = SSL_CTX_get_cert_store(ctx); X509_STORE_set_flags(store, vflags); #ifndef OPENSSL_NO_TLSEXT if (servername != NULL) { if (servername != NULL) { tlsextcbp.biodebug = bio_err; SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb); SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp); Loading @@ -643,8 +645,10 @@ bad: con=SSL_new(ctx); #ifndef OPENSSL_NO_TLSEXT if (servername != NULL){ if (!SSL_set_tlsext_hostname(con,servername)){ if (servername != NULL) { if (!SSL_set_tlsext_hostname(con,servername)) { BIO_printf(bio_err,"Unable to set TLS servername extension.\n"); ERR_print_errors(bio_err); goto end; Loading @@ -661,7 +665,7 @@ bad: re_start: if (init_client(&s,host,port,socketType) == 0) if (init_client(&s,host,port,socket_type) == 0) { BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error()); SHUTDOWN(s); Loading Loading @@ -709,10 +713,10 @@ re_start: BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout); } if ( mtu > 0) if (socket_mtu > 0) { SSL_set_options(con, SSL_OP_NO_QUERY_MTU); SSL_set_mtu(con, mtu); SSL_set_mtu(con, socket_mtu); } else /* want to do MTU discovery */ Loading Loading @@ -791,7 +795,8 @@ re_start: { in_init=0; #ifndef OPENSSL_NO_TLSEXT if (servername != NULL && !SSL_session_reused(con)) { if (servername != NULL && !SSL_session_reused(con)) { BIO_printf(bio_c_out,"Server did %sacknowledge servername extension.\n",tlsextcbp.ack?"":"not "); } #endif Loading
apps/s_server.c +91 −82 Original line number Diff line number Diff line Loading @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ /* ==================================================================== * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions Loading Loading @@ -260,7 +260,7 @@ static char *engine_id=NULL; static const char *session_id_prefix=NULL; static int enable_timeouts = 0; static long socketMtu; static long socket_mtu; static int cert_chain = 0; Loading Loading @@ -366,12 +366,11 @@ static void sv_usage(void) BIO_printf(bio_err," -id_prefix arg - Generate SSL/TLS session IDs prefixed by 'arg'\n"); BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); #ifndef OPENSSL_NO_TLSEXT BIO_printf(bio_err," -servername host - check TLS1 servername\n"); BIO_printf(bio_err," -servername host - servername for HostName TLS extension\n"); BIO_printf(bio_err," -cert2 arg - certificate file to use for servername\n"); BIO_printf(bio_err," (default is %s)\n",TEST_CERT2); BIO_printf(bio_err," -key2 arg - Private Key file to use for servername, in cert file if\n"); BIO_printf(bio_err," not specified (default is %s)\n",TEST_CERT2); BIO_printf(bio_err," -servername host - check TLS1 servername\n"); #endif } Loading Loading 
@@ -537,18 +536,21 @@ typedef struct tlsextctx_st { } tlsextctx; static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg) { static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg) { tlsextctx * p = (tlsextctx *) arg; const char * servername = SSL_get_servername(s, TLSEXT_TYPE_SERVER_host); if (servername) BIO_printf(p->biodebug,"Hostname in TLS extension: \"%s\"\n",servername); if (!p->servername) { if (!p->servername) { SSL_set_tlsext_servername_done(s,2); return SSL_ERROR_NONE; } if (servername) { if (servername) { if (strcmp(servername,p->servername)) return TLS1_AD_UNRECOGNIZED_NAME; if (ctx2) Loading Loading @@ -578,7 +580,7 @@ int MAIN(int argc, char *argv[]) int no_tmp_rsa=0,no_dhe=0,no_ecdhe=0,nocert=0; int state=0; const SSL_METHOD *meth=NULL; int socketType=SOCK_STREAM; int socket_type=SOCK_STREAM; #ifndef OPENSSL_NO_ENGINE ENGINE *e=NULL; #endif Loading @@ -595,9 +597,7 @@ int MAIN(int argc, char *argv[]) #endif #ifndef OPENSSL_NO_TLSEXT tlsextctx tlsextcbp = {NULL,NULL }; tlsextctx tlsextcbp = {NULL, NULL}; #endif #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) meth=SSLv23_server_method(); Loading Loading @@ -811,14 +811,14 @@ int MAIN(int argc, char *argv[]) else if (strcmp(*argv,"-dtls1") == 0) { meth=DTLSv1_server_method(); socketType = SOCK_DGRAM; socket_type = SOCK_DGRAM; } else if (strcmp(*argv,"-timeout") == 0) enable_timeouts = 1; else if (strcmp(*argv,"-mtu") == 0) { if (--argc < 1) goto bad; socketMtu = atol(*(++argv)); socket_mtu = atol(*(++argv)); } else if (strcmp(*argv, "-chain") == 0) cert_chain = 1; Loading Loading @@ -1029,7 +1029,7 @@ bad: /* DTLS: partial reads end up discarding unread UDP bytes :-( * Setting read ahead solves this problem. */ if (socketType == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1); if (socket_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1); if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback); Loading Loading 
@@ -1058,7 +1058,8 @@ bad: X509_STORE_set_flags(store, vflags); #ifndef OPENSSL_NO_TLSEXT if (s_cert2) { if (s_cert2) { ctx2=SSL_CTX_new(meth); if (ctx2 == NULL) { Loading @@ -1067,8 +1068,10 @@ bad: } } if (ctx2) { if (ctx2) { BIO_printf(bio_s_out,"Setting secondary ctx parameters\n"); if (session_id_prefix) { if(strlen(session_id_prefix) >= 32) Loading @@ -1092,7 +1095,7 @@ bad: /* DTLS: partial reads end up discarding unread UDP bytes :-( * Setting read ahead solves this problem. */ if (socketType == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx2, 1); if (socket_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx2, 1); if (state) SSL_CTX_set_info_callback(ctx2,apps_ssl_info_callback); Loading @@ -1105,9 +1108,9 @@ bad: } store = SSL_CTX_get_cert_store(ctx2); X509_STORE_set_flags(store, vflags); } #endif #ifndef OPENSSL_NO_DH if (!no_dhe) { Loading @@ -1131,8 +1134,10 @@ bad: SSL_CTX_set_tmp_dh(ctx,dh); #ifndef OPENSSL_NO_TLSEXT if (ctx2) { if (!dhfile) { if (ctx2) { if (!dhfile) { DH *dh2=load_dh_param(s_cert_file2); if (dh2 != NULL) { Loading Loading @@ -1213,7 +1218,8 @@ bad: #ifndef OPENSSL_NO_RSA #if 1 if (!no_tmp_rsa) { if (!no_tmp_rsa) { SSL_CTX_set_tmp_rsa_callback(ctx,tmp_rsa_cb); #ifndef OPENSSL_NO_TLSEXT if (ctx2) Loading @@ -1236,7 +1242,8 @@ bad: goto end; } #ifndef OPENSSL_NO_TLSEXT if (ctx2) { if (ctx2) { if (!SSL_CTX_set_tmp_rsa(ctx2,rsa)) { ERR_print_errors(bio_err); Loading @@ -1257,7 +1264,8 @@ bad: goto end; } #ifndef OPENSSL_NO_TLSEXT if (ctx2 && !SSL_CTX_set_cipher_list(ctx2,cipher)) { if (ctx2 && !SSL_CTX_set_cipher_list(ctx2,cipher)) { BIO_printf(bio_err,"error setting cipher list\n"); ERR_print_errors(bio_err); goto end; Loading @@ -1269,7 +1277,8 @@ bad: sizeof s_server_session_id_context); #ifndef OPENSSL_NO_TLSEXT if (ctx2) { if (ctx2) { SSL_CTX_set_verify(ctx2,s_server_verify,verify_callback); SSL_CTX_set_session_id_context(ctx2,(void*)&s_server_session_id_context, sizeof s_server_session_id_context); Loading 
@@ -1281,7 +1290,8 @@ bad: SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb); SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp); #endif if (CAfile != NULL) { if (CAfile != NULL) { SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile)); #ifndef OPENSSL_NO_TLSEXT if (ctx2) Loading @@ -1291,9 +1301,9 @@ bad: BIO_printf(bio_s_out,"ACCEPT\n"); if (www) do_server(port,socketType,&accept_socket,www_body, context); do_server(port,socket_type,&accept_socket,www_body, context); else do_server(port,socketType,&accept_socket,sv_body, context); do_server(port,socket_type,&accept_socket,sv_body, context); print_stats(bio_s_out,ctx); ret=0; end: Loading Loading @@ -1415,11 +1425,10 @@ static int sv_body(char *hostname, int s, unsigned char *context) BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout); } if ( socketMtu > 0) if (socket_mtu > 0) { SSL_set_options(con, SSL_OP_NO_QUERY_MTU); SSL_set_mtu(con, socketMtu); SSL_set_mtu(con, socket_mtu); } else /* want to do MTU discovery */ Loading