Add DTLS-SRTP.
diff --git a/apps/s_client.c b/apps/s_client.c
index ef45e43..5527dc2 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -359,6 +359,7 @@
# endif
#endif
BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
+ BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list");
}
#ifndef OPENSSL_NO_TLSEXT
@@ -487,6 +488,7 @@
}
#endif
+ char *srtp_profiles = NULL;
# ifndef OPENSSL_NO_NEXTPROTONEG
/* This the context that we pass to next_proto_cb */
@@ -935,7 +937,12 @@
jpake_secret = *++argv;
}
#endif
- else
+ else if (strcmp(*argv,"-use_srtp") == 0)
+ {
+ if (--argc < 1) goto bad;
+ srtp_profiles = *(++argv);
+ }
+ else
{
BIO_printf(bio_err,"unknown option %s\n",*argv);
badop=1;
@@ -1105,6 +1112,8 @@
BIO_printf(bio_c_out, "PSK key given or JPAKE in use, setting client callback\n");
SSL_CTX_set_psk_client_callback(ctx, psk_client_cb);
}
+ if (srtp_profiles != NULL)
+ SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles);
#endif
if (bugs)
SSL_CTX_set_options(ctx,SSL_OP_ALL|off);
@@ -2027,6 +2036,14 @@
}
#endif
+ {
+ SRTP_PROTECTION_PROFILE *srtp_profile=SSL_get_selected_srtp_profile(s);
+
+ if(srtp_profile)
+ BIO_printf(bio,"SRTP Extension negotiated, profile=%s\n",
+ srtp_profile->name);
+ }
+
SSL_SESSION_print(bio,SSL_get_session(s));
BIO_printf(bio,"---\n");
if (peer != NULL)
