authorDr. Stephen Henson <steve@openssl.org>2009-12-16 20:25:59 +0000
committerDr. Stephen Henson <steve@openssl.org>2009-12-16 20:25:59 +0000
commitef51b4b9b469fc93a91de47b63a143a3c60c5530 (patch)
tree41aa22b18fc09720e33516ba30082b786d08ce51 /apps
parentc27c9cb4f7ab74d772521fd927918f354724c2fc (diff)
New option to enable/disable connection to unpatched servers
Diffstat (limited to 'apps')
-rw-r--r--apps/s_client.c9
1 files changed, 8 insertions, 1 deletions
diff --git a/apps/s_client.c b/apps/s_client.c
index a52e728..484d009 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -383,7 +383,7 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
- int off=0;
+ unsigned int off=0, clr=0;
SSL *con=NULL;
int s,k,width,state=0;
char *cbuf=NULL,*sbuf=NULL,*mbuf=NULL;
@@ -666,6 +666,10 @@ int MAIN(int argc, char **argv)
off|=SSL_OP_CIPHER_SERVER_PREFERENCE;
else if (strcmp(*argv,"-legacy_renegotiation") == 0)
off|=SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
+ else if (strcmp(*argv,"-legacy_server_connect") == 0)
+ { off|=SSL_OP_LEGACY_SERVER_CONNECT; }
+ else if (strcmp(*argv,"-no_legacy_server_connect") == 0)
+ { clr|=SSL_OP_LEGACY_SERVER_CONNECT; }
else if (strcmp(*argv,"-cipher") == 0)
{
if (--argc < 1) goto bad;
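Review bot: The two flags parsed here are not added to the usage output anywhere in this commit, so `-legacy_server_connect` and `-no_legacy_server_connect` cannot be discovered from the tool's help; this is inferred from the diffstat, which lists only these three hunks in apps/s_client.c. Because `-legacy_server_connect` permits a handshake with a server that lacks secure renegotiation support, the help text should say so, e.g. `" -legacy_server_connect - allow connection to servers without secure renegotiation (insecure)\n"`, with a matching line for the `-no_` form. The braces around the two single assignments also differ from the adjacent `-legacy_renegotiation` branch, which uses none. MAIN's option loop starts and ends outside the hunk.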
@@ -876,6 +880,9 @@ bad:
SSL_CTX_set_options(ctx,SSL_OP_ALL|off);
else
SSL_CTX_set_options(ctx,off);
+
+ if (clr)
+ SSL_CTX_clear_options(ctx, clr);
/* DTLS: partial reads end up discarding unread UDP bytes :-(
* Setting read ahead solves this problem.
*/
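Review bot: The precedence between the set mask and the clear mask is not documented at the `if (clr)` block. Because `SSL_CTX_clear_options` runs after both `SSL_CTX_set_options` calls, `-no_legacy_server_connect` overrides `-legacy_server_connect` regardless of argument order, and also removes that bit if `-bugs` contributes it through `SSL_OP_ALL` (whether `SSL_OP_ALL` contains it is not visible in this diff). That is the safer outcome for a client that must refuse unpatched servers, but it should be recorded, e.g. `/* cleared last: -no_legacy_server_connect overrides -bugs and -legacy_server_connect */`. The enclosing MAIN body continues outside the hunk.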