Implement the Opaque PRF Input TLS extension (draft-rescorla-tls-opaque-prf-input-00.txt), and do some cleanups and bugfixes on the way. In particular, this fixes the buffer bounds checks in ssl_add_clienthello_tlsext() and in ssl_add_serverhello_tlsext(). Note that the opaque PRF Input TLS extension is not compiled by default; see CHANGES.

commit: 761772d7e19145fa9afb2a0c830ead69a33f3fa5 [log] [tgz]
author: Bodo Möller <bodo@openssl.org> Fri Sep 21 06:54:24 2007 +0000
committer: Bodo Möller <bodo@openssl.org> Fri Sep 21 06:54:24 2007 +0000
tree: f6fbfed11e54a5286025bf235889cca1cb87d503
parent: 54ef01b54bd64fdf5820d3860f4c458a9c2fa4f0 [diff] [blame]
diff --git a/apps/s_server.c b/apps/s_server.c
index 328fcaf..0cfdf6a 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c

@@ -1575,6 +1575,11 @@
 						 strlen((char *)context));
 	}
 	SSL_clear(con);
+#if 0
+#ifdef TLSEXT_TYPE_opaque_prf_input
+	SSL_set_tlsext_opaque_prf_input(con, "Test server", 1);
+#endif
+#endif
 
 	if (SSL_version(con) == DTLS1_VERSION)
 		{
commit	761772d7e19145fa9afb2a0c830ead69a33f3fa5	[log] [tgz]
author	Bodo Möller <bodo@openssl.org>	Fri Sep 21 06:54:24 2007 +0000
committer	Bodo Möller <bodo@openssl.org>	Fri Sep 21 06:54:24 2007 +0000
tree	f6fbfed11e54a5286025bf235889cca1cb87d503
parent	54ef01b54bd64fdf5820d3860f4c458a9c2fa4f0 [diff] [blame]