commit a398f821fa98b9923a426cf45b268cf4d56c89bd
author Trevor <trevp@trevp.net> Sun May 12 18:55:27 2013 -0700
committer Ben Laurie <ben@links.org> Wed Jun 12 17:01:13 2013 +0100
tree 7bedc4b2a027f86e9d2d8cd9b4814ebddaf0c39e
parent 6d84daa5d665e0de30c3d970cab65e8ade4d5b14

Add support for arbitrary TLS extensions.

Contributed by Trevor Perrin.

ssl/ssltest.c

diff --git a/ssl/ssltest.c b/ssl/ssltest.c
index db87b1a..f67c7ea 100644
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@@ -370,6 +370,41 @@
 	}
 #endif
 
+#define SCT_EXT_TYPE 18
+#define TACK_EXT_TYPE 62208
+
+/* These set from cmdline */
+char* serverinfo_file = NULL;
+int serverinfo_sct = 0;
+int serverinfo_tack = 0;
+int serverinfo_sct_seen = 0;
+int serverinfo_tack_seen = 0;
+int serverinfo_other_seen = 0;
+
+static int serverinfo_cli_cb(SSL* s, unsigned short ext_type,
+												     const unsigned char* in, unsigned short inlen, 
+												     int* al, void* arg)
+	{
+		if (ext_type == SCT_EXT_TYPE)
+			serverinfo_sct_seen++;
+		else if (ext_type == TACK_EXT_TYPE)
+			serverinfo_tack_seen++;
+		else
+			serverinfo_other_seen++;
+		return 1;
+	}
+
+static int verify_serverinfo()
+	{
+	if (serverinfo_sct != serverinfo_sct_seen)
+		return -1;
+	if (serverinfo_tack != serverinfo_tack_seen)
+		return -1;
+	if (serverinfo_other_seen)
+		return -1;
+	return 0;
+	}
+
 static char *cipher=NULL;
 static int verbose=0;
 static int debug=0;
@@ -449,6 +484,9 @@
 	fprintf(stderr," -npn_server - have server side offer NPN\n");
 	fprintf(stderr," -npn_server_reject - have server reject NPN\n");
 #endif
+	fprintf(stderr," -serverinfo_file - have server use this file\n");
+	fprintf(stderr," -serverinfo_sct  - have client offer and expect SCT\n");
+	fprintf(stderr," -serverinfo_tack - have client offer and expect TACK\n");
 	}
 
 static void print_details(SSL *c_ssl, const char *prefix)
@@ -861,6 +899,19 @@
 			npn_server_reject = 1;
 			}
 #endif
+		else if (strcmp(*argv,"-serverinfo_sct") == 0)
+			{
+			serverinfo_sct = 1;
+			}
+		else if (strcmp(*argv,"-serverinfo_tack") == 0)
+			{
+			serverinfo_tack = 1;
+			}
+		else if (strcmp(*argv,"-serverinfo_file") == 0)
+			{
+			if (--argc < 1) goto bad;
+			serverinfo_file = *(++argv);
+			}
 		else
 			{
 			fprintf(stderr,"unknown option %s\n",*argv);
@@ -1186,6 +1237,18 @@
 		}
 #endif
 
+	if (serverinfo_sct)
+		SSL_CTX_set_custom_cli_ext(c_ctx, SCT_EXT_TYPE, NULL, serverinfo_cli_cb, NULL);
+	if (serverinfo_tack)
+		SSL_CTX_set_custom_cli_ext(c_ctx, TACK_EXT_TYPE, NULL, serverinfo_cli_cb, NULL);
+
+	if (serverinfo_file)
+		if (!SSL_CTX_use_serverinfo_file(s_ctx, serverinfo_file))
+			{
+			BIO_printf(bio_err, "missing serverinfo file\n");
+			goto end;
+			}
+
 	c_ssl=SSL_new(c_ctx);
 	s_ssl=SSL_new(s_ctx);
 
@@ -1643,6 +1706,12 @@
 		goto end;
 		}
 #endif
+	if (verify_serverinfo() < 0)
+		{
+		ret = 1;
+		goto err;
+		}
+
 end:
 	ret = 0;
 
@@ -1945,6 +2014,11 @@
 		goto err;
 		}
 #endif
+	if (verify_serverinfo() < 0)
+		{
+		ret = 1;
+		goto err;
+		}
 	ret=0;
 err:
 	/* We have to set the BIO's to NULL otherwise they will be