Commit f1fd4544 authored by Bodo Möller's avatar Bodo Möller

Various changes in the new TLS extension code, including the following:

 - fix indentation
 - rename some functions and macros
 - fix up confusion between SSL_ERROR_... and SSL_AD_... values
parent 349eb12f
+24 −7
@@ -4,16 +4,33 @@

 Changes between 0.9.8a and 0.9.9  [xx XXX xxxx]

  *) Add support for TLS extensions, specifically for the HostName extension.
     The SSL_SESSION, SSL_CTX, and SSL data structures now have new members
     for HostName support.
  *) Add support for TLS extensions, specifically for the HostName extension
     so far.  The SSL_SESSION, SSL_CTX, and SSL data structures now have new
     members for HostName support.

     New functions (subject to change):

         SSL_get_servername()
         SSL_get_servername_type()
         SSL_set_SSL_CTX()

     New CTRL codes and macros (subject to change):

         SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
                                 - SSL_CTX_set_tlsext_servername_callback()
         SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG
                                      - SSL_CTX_set_tlsext_servername_arg()
         SSL_CTRL_SET_TLSEXT_HOSTNAME           - SSL_set_tlsext_hostname()
         SSL_CTRL_GET_TLSEXT_HOSTNAME     [similar to SSL_get_servername()]
         SSL_CTRL_SET_TLSEXT_SERVERNAME_DONE
                                         - SSL_set_tlsext_servername_done()

     openssl s_client has a new '-servername' option.

     openssl s_server has new options '-servername', '-cert2', and '-key2';
     this allows testing the HostName extension for a specific single
     host name ('-cert' and '-key' remain fallbacks for handshakes without
     HostName negotiation).
     openssl s_server has new options '-servername', '-cert2', and '-key2'
     (subject to change); this allows testing the HostName extension for a
     specific single host name ('-cert' and '-key' remain fallbacks for
     handshakes without HostName negotiation).

     [Peter Sylvester]

+4 −0
@@ -836,6 +836,10 @@ if (defined($disabled{"md5"}) || defined($disabled{"sha"})
	$disabled{"tls1"} = "forced";
	}

if (defined($disabled{"tls1"}))
	{
	$disabled{"tlsext"} = "forced";
	}

if ($target eq "TABLE") {
	foreach $target (sort keys %table) {
+2 −2
@@ -239,11 +239,11 @@ typedef struct tlsextctx_st {
static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg)
	{
	tlsextctx * p = (tlsextctx *) arg;
	const unsigned char * hn= SSL_get_servername(s, TLSEXT_TYPE_SERVER_host);
	const unsigned char * hn= SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
	if (SSL_get_servername_type(s) != -1) 
 	        p->ack = !SSL_session_reused(s) && hn != NULL;
	else 
		BIO_printf(bio_err,"SSL_get_tlsext_hostname does not work\n");
		BIO_printf(bio_err,"Can't use SSL_get_servername\n");
	
	return SSL_ERROR_NONE;
	}
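Review bot: `hn` is declared `const unsigned char *` here while the s_server.c callback in the same commit assigns the same SSL_get_servername() result to a `const char *`, so one of the two callers gets a pointer-sign mismatch warning; `const char * hn= SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);` keeps the two in step. The callback also never writes `*ad` and returns SSL_ERROR_NONE, which is a value from the SSL_get_error() family that the commit message says it is untangling from the SSL_AD_ values; worth confirming against the library's callback contract, since the return value is what the library acts on. The whole function is inside the hunk.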
+13 −10
@@ -539,7 +539,7 @@ typedef struct tlsextctx_st {
static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg)
	{
	tlsextctx * p = (tlsextctx *) arg;
	const char * servername = SSL_get_servername(s, TLSEXT_TYPE_SERVER_host);
	const char * servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
        if (servername) 
		BIO_printf(p->biodebug,"Hostname in TLS extension: \"%s\"\n",servername);
        
@@ -1257,8 +1257,10 @@ bad:
#endif
#endif

	if (cipher != NULL) {
		if(!SSL_CTX_set_cipher_list(ctx,cipher)) {
	if (cipher != NULL)
		{
		if(!SSL_CTX_set_cipher_list(ctx,cipher))
			{
			BIO_printf(bio_err,"error setting cipher list\n");
			ERR_print_errors(bio_err);
			goto end;
@@ -1283,13 +1285,14 @@ bad:
		SSL_CTX_set_session_id_context(ctx2,(void*)&s_server_session_id_context,
			sizeof s_server_session_id_context);

		}
		tlsextcbp.biodebug = bio_s_out;
		SSL_CTX_set_tlsext_servername_callback(ctx2, ssl_servername_cb);
		SSL_CTX_set_tlsext_servername_arg(ctx2, &tlsextcbp);
		SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb);
		SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp);
		}
#endif

	if (CAfile != NULL)
		{
		SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile));
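Review bot: In the last hunk the servername callback and its argument are now installed on `ctx` instead of `ctx2`, yet both calls still sit inside the block that sets up `ctx2` (the `}` before `#endif`), so if that block is only entered when a second certificate is configured — which the hunk does not show — a server started without `-cert2`/`-key2` installs no callback and the "Hostname in TLS extension" debug line never fires. If that is intended, a one-line comment would spare the next reader the same question, e.g. `/* register on the default ctx: ctx2 is only selected from inside the callback */`. The enclosing function starts and ends outside the hunk.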
+57 −5
@@ -55,6 +55,59 @@
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
/* ====================================================================
 * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer. 
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    openssl-core@openssl.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */

#include <stdio.h>
#include "ssl_locl.h"
@@ -352,7 +405,6 @@ static int ssl23_client_hello(SSL *s)
#ifdef OPENSSL_NO_COMP
			*(p++)=1;
#else

			if ((s->options & SSL_OP_NO_COMPRESSION)
						|| !s->ctx->comp_methods)
				j=0;
@@ -366,8 +418,9 @@ static int ssl23_client_hello(SSL *s)
				}
#endif
			*(p++)=0; /* Add the NULL method */

#ifndef OPENSSL_NO_TLSEXT
			if ((p = ssl_add_ClientHello_TLS_extensions(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
			if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
				{
				SSLerr(SSL_F_SSL3_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
				return -1;
@@ -375,7 +428,6 @@ static int ssl23_client_hello(SSL *s)
#endif
			
			l = p-d;
			*p = 42;

			/* fill in 4-byte handshake header */
			d=&(buf[5]);
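Review bot: The failure path of the renamed ssl_add_clienthello_tlsext() call reports `SSL_F_SSL3_CLIENT_HELLO`, but per the hunk header this code is in ssl23_client_hello, so a failure here is attributed to the wrong function in the error queue; `SSLerr(SSL_F_SSL23_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);` is the matching function code. Passing `buf+SSL3_RT_MAX_PLAIN_LENGTH` as the limit is the right shape of bound, but it is worth confirming the callee treats it as one-past-the-end, since the next hunk writes `*p = 42` at the returned position. ssl23_client_hello starts and ends outside the hunks.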