Remove support for OPENSSL_NO_TLSEXT

	$disabled{"tls1"} = "forced";

	}

if (defined($disabled{"tls1"}))

	{

	$disabled{"tlsext"} = "forced";

	}

if (defined($disabled{"ec"}) || defined($disabled{"dsa"})

    || defined($disabled{"dh"}))

	$disabled{"gost"} = "forced";

	}

# SRP and HEARTBEATS require TLSEXT

if (defined($disabled{"tlsext"}))

	{

	$disabled{"srp"} = "forced";

	$disabled{"heartbeats"} = "forced";

	}

if ($target eq "TABLE") {

	foreach $target (sort keys %table) {

                        DES, DGRAM, DH, DSA, EC, EC2M, ECDH, ECDSA, ENGINE,

                        ERR, GOST, HEARTBEATS, HMAC, IDEA, MD2, MD4,

                        MD5, OCB, OCSP, PSK, RC2, RC4, RC5, RMD160, RSA, SCTP,

                        SEED, SOCK, SRP, SRTP, TLSEXT, WHIRLPOOL.  So, for

                        SEED, SOCK, SRP, SRTP, WHIRLPOOL.  So, for

                        example, having the logical name OPENSSL_NO_RSA with

                        the value YES means that the LIBCRYPTO.OLB library

                        will not contain an RSA implementation.

#endif

#ifndef OPENSSL_NO_TLSEXT

/*-

 * next_protos_parse parses a comma separated list of strings into a string

 * in a format suitable for passing to SSL_CTX_set_next_protos_advertised.

    *outlen = len + 1;

    return out;

}

#endif                          /* ndef OPENSSL_NO_TLSEXT */

void print_cert_checks(BIO *bio, X509 *x,

                       const char *checkhost,

void jpake_server_auth(BIO *out, BIO *conn, const char *secret);

# endif

# ifndef OPENSSL_NO_TLSEXT

unsigned char *next_protos_parse(unsigned short *outlen, const char *in);

# endif                         /* ndef OPENSSL_NO_TLSEXT */

void print_cert_checks(BIO *bio, X509 *x,

                       const char *checkhost,

static int c_brief = 0;

static void print_stuff(BIO *berr, SSL *con, int full);

#ifndef OPENSSL_NO_TLSEXT

static int ocsp_resp_cb(SSL *s, void *arg);

#endif

#ifndef OPENSSL_NO_PSK

/* Default PSK identity and key */

}

#endif

#ifndef OPENSSL_NO_TLSEXT

/* This is a context that we pass to callbacks */

typedef struct tlsextctx_st {

    BIO *biodebug;

    return 1;

}

#endif

typedef enum OPTION_choice {

    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,

    OPT_HOST, OPT_PORT, OPT_CONNECT, OPT_UNIX, OPT_XMPPHOST, OPT_VERIFY,

    {"srp_strength", OPT_SRP_STRENGTH, 'p', "Minimal mength in bits for N"},

#endif

    {"name", OPT_SMTPHOST, 's', "Hostname to use for \"-starttls smtp\""},

#ifndef OPENSSL_NO_TLSEXT

    {"servername", OPT_SERVERNAME, 's',

     "Set TLS extension servername in ClientHello"},

    {"tlsextdebug", OPT_TLSEXTDEBUG, '-',

#ifndef OPENSSL_NO_NEXTPROTONEG

    {"nextprotoneg", OPT_NEXTPROTONEG, 's',

     "Enable NPN extension, considering named protocols supported (comma-separated list)"},

# endif

#endif

    {"CRL", OPT_CRL, '<'},

    {"crl_download", OPT_CRL_DOWNLOAD, '-'},

#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)

    struct timeval tv;

#endif

#ifndef OPENSSL_NO_TLSEXT

    char *servername = NULL;

    const char *alpn_in = NULL;

    tlsextctx tlsextcbp = { NULL, 0 };

#ifndef OPENSSL_NO_NEXTPROTONEG

    const char *next_proto_neg_in = NULL;

#endif

#endif

#ifndef OPENSSL_NO_SRP

    char *srppass = NULL;

    int srp_lateuser = 0;

        case OPT_DEBUG:

            c_debug = 1;

            break;

#ifndef OPENSSL_NO_TLSEXT

        case OPT_TLSEXTDEBUG:

            c_tlsextdebug = 1;

            break;

        case OPT_STATUS:

            c_status_req = 1;

            break;

#endif

#ifdef WATT32

        case OPT_WDEBUG:

            dbug_init();

        case OPT_VERIFYCAFILE:

            vfyCAfile = opt_arg();

            break;

#ifndef OPENSSL_NO_TLSEXT

        case OPT_NEXTPROTONEG:

            next_proto_neg_in = opt_arg();

            break;

                }

            }

            break;

#endif

        case OPT_STARTTLS:

            if (!opt_pair(opt_arg(), services, &starttls_proto))

                goto end;

#ifndef OPENSSL_NO_TLSEXT

        case OPT_SERVERNAME:

            servername = opt_arg();

            /* meth=TLSv1_client_method(); */

            break;

#endif

#ifndef OPENSSL_NO_JPAKE

        case OPT_JPAKE:

            jpake_secret = opt_arg();

    }

#endif

#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)

#if !defined(OPENSSL_NO_NEXTPROTONEG)

    next_proto.status = -1;

    if (next_proto_neg_in) {

        next_proto.data =

    if (exc)

        ssl_ctx_set_excert(ctx, exc);

#if !defined(OPENSSL_NO_TLSEXT)

#if !defined(OPENSSL_NO_NEXTPROTONEG)

    if (next_proto.data)

        SSL_CTX_set_next_proto_select_cb(ctx, next_proto_cb, &next_proto);

        }

        OPENSSL_free(alpn);

    }

#endif

#ifndef OPENSSL_NO_TLSEXT

    for (i = 0; i < serverinfo_count; i++) {

        if (!SSL_CTX_add_client_custom_ext(ctx,

                                           serverinfo_types[i],

                    serverinfo_types[i]);

        }

    }

#endif

    if (state)

        SSL_CTX_set_info_callback(ctx, apps_ssl_info_callback);

    if (!set_cert_key_stuff(ctx, cert, key, chain, build_chain))

        goto end;

#ifndef OPENSSL_NO_TLSEXT

    if (servername != NULL) {

        tlsextcbp.biodebug = bio_err;

        SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb);

            SSL_CTX_set_srp_verify_param_callback(ctx,

                                                  ssl_srp_verify_param_cb);

    }

# endif

# endif

    con = SSL_new(ctx);

    if (fallback_scsv)

        SSL_set_mode(con, SSL_MODE_SEND_FALLBACK_SCSV);

#ifndef OPENSSL_NO_TLSEXT

    if (servername != NULL) {

        if (!SSL_set_tlsext_host_name(con, servername)) {

            BIO_printf(bio_err, "Unable to set TLS servername extension.\n");

            goto end;

        }

    }

#endif

 re_start:

#ifdef NO_SYS_UN_H

            SSL_set_msg_callback(con, msg_cb);

        SSL_set_msg_callback_arg(con, bio_c_msg ? bio_c_msg : bio_c_out);

    }

#ifndef OPENSSL_NO_TLSEXT

    if (c_tlsextdebug) {

        SSL_set_tlsext_debug_callback(con, tlsext_cb);

        SSL_set_tlsext_debug_arg(con, bio_c_out);

        SSL_CTX_set_tlsext_status_cb(ctx, ocsp_resp_cb);

        SSL_CTX_set_tlsext_status_arg(ctx, bio_c_out);

    }

#endif

#ifndef OPENSSL_NO_JPAKE

    if (jpake_secret)

        jpake_client_auth(bio_c_out, sbio, jpake_secret);

            tty_on = 1;

            if (in_init) {

                in_init = 0;

#ifndef OPENSSL_NO_TLSEXT

                if (servername != NULL && !SSL_session_reused(con)) {

                    BIO_printf(bio_c_out,

                               "Server did %sacknowledge servername extension.\n",

                               tlsextcbp.ack ? "" : "not ");

                }

#endif

                if (sess_out) {

                    BIO *stmp = BIO_new_file(sess_out, "w");

                    if (stmp) {

            print_stuff(bio_c_out, con, 1);

        SSL_free(con);

    }

#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)

#if !defined(OPENSSL_NO_NEXTPROTONEG)

    OPENSSL_free(next_proto.data);

#endif

    SSL_CTX_free(ctx);

    }

#endif

#if !defined(OPENSSL_NO_TLSEXT)

#if !defined(OPENSSL_NO_NEXTPROTONEG)

    if (next_proto.status != -1) {

        const unsigned char *proto;

        } else

            BIO_printf(bio, "No ALPN negotiated\n");

    }

#endif

#ifndef OPENSSL_NO_SRTP

    {

    (void)BIO_flush(bio);

}

#ifndef OPENSSL_NO_TLSEXT

static int ocsp_resp_cb(SSL *s, void *arg)

{

    const unsigned char *p;

    OCSP_RESPONSE_free(rsp);

    return 1;

}

#endif