Add support for magic cipher suite value (MCSV). Make secure renegotiation work in SSLv3: initial handshake has no extensions but includes MCSV, if server indicates RI support then renegotiation handshakes include RI. NB: current MCSV value is bogus for testing only, will be updated when we have an official value. Change mismatch alerts to handshake_failure as required by spec. Also have some debugging fprintfs so we can clearly see what is going on if OPENSSL_RI_DEBUG is set.

commit: 13f6d57b1ef964f2b9cbd8f68783884caef0e5cb [log] [tgz]
author: Dr. Stephen Henson <steve@openssl.org> Tue Dec 08 13:14:03 2009 +0000
committer: Dr. Stephen Henson <steve@openssl.org> Tue Dec 08 13:14:03 2009 +0000
tree: 0e8b01c5c5428bc3aa4a9f56ed3e7f1b9ed11b1c
parent: 8025e2511381152bbe517c1819922ead5bd106e6 [diff] [blame]
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 44f09b8..3d40ba4 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c

@@ -912,7 +912,7 @@
 
 #ifndef OPENSSL_NO_TLSEXT
 	/* TLS extensions*/
-	if (s->version > SSL3_VERSION)
+	if (s->version >= SSL3_VERSION)
 		{
 		if (!ssl_parse_serverhello_tlsext(s,&p,d,n, &al))
 			{
commit	13f6d57b1ef964f2b9cbd8f68783884caef0e5cb	[log] [tgz]
author	Dr. Stephen Henson <steve@openssl.org>	Tue Dec 08 13:14:03 2009 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	Tue Dec 08 13:14:03 2009 +0000
tree	0e8b01c5c5428bc3aa4a9f56ed3e7f1b9ed11b1c
parent	8025e2511381152bbe517c1819922ead5bd106e6 [diff] [blame]