More TLS extension related changes.

Submitted by: Peter Sylvester
author: Bodo Möller <bodo@openssl.org> 2006-01-11 06:10:40 +0000
committer: Bodo Möller <bodo@openssl.org> 2006-01-11 06:10:40 +0000
commit: 241520e66d3ece1054beae93ff96978d0299cae4 (patch)
tree: 11e6149f50fb9e45aaba9635a138c93059c1c988 /apps/s_server.c
parent: a13c20f60353d3cd3fdd4f23563819eeb4234528 (diff)
download: openssl-241520e66d3ece1054beae93ff96978d0299cae4.tar.gz
1 files changed, 10 insertions, 9 deletions
diff --git a/apps/s_server.c b/apps/s_server.c
index e07f3dd20e..583bfccd5c 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -367,7 +367,7 @@ static void sv_usage(void)
 	BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 #ifndef OPENSSL_NO_TLSEXT
 	BIO_printf(bio_err," -servername host - servername for HostName TLS extension\n");
-	BIO_printf(bio_err," -servername_warn - on mismatch send warning (default fatal alert)\n");
+	BIO_printf(bio_err," -servername_fatal - on mismatch send fatal alert (default warning alert)\n");
 	BIO_printf(bio_err," -cert2 arg    - certificate file to use for servername\n");
 	BIO_printf(bio_err,"                 (default is %s)\n",TEST_CERT2);
 	BIO_printf(bio_err," -key2 arg     - Private Key file to use for servername, in cert file if\n");
@@ -534,7 +534,7 @@ static int ebcdic_puts(BIO *bp, const char *str)
 typedef struct tlsextctx_st {
    char * servername;
    BIO * biodebug;
-   int servername_warn;
+   int extension_error;
 } tlsextctx;
 
 
@@ -546,18 +546,19 @@ static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg)
 		BIO_printf(p->biodebug,"Hostname in TLS extension: \"%s\"\n",servername);
         
 	if (!p->servername)
-		return 1;
+		return SSL_TLSEXT_ERR_NOACK;
 	
 	if (servername)
 		{
     		if (strcmp(servername,p->servername)) 
-			return  p->servername_warn;
-		if (ctx2) {
+			return p->extension_error;
+		if (ctx2)
+			{
 			BIO_printf(p->biodebug,"Swiching server context.\n");
 			SSL_set_SSL_CTX(s,ctx2);
 			}     
 		}
-	return 1;
+	return SSL_TLSEXT_ERR_OK;
 }
 #endif
 
@@ -597,7 +598,7 @@ int MAIN(int argc, char *argv[])
 #endif
 
 #ifndef OPENSSL_NO_TLSEXT
-        tlsextctx tlsextcbp = {NULL, NULL, -1};
+        tlsextctx tlsextcbp = {NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING};
 #endif
 #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
 	meth=SSLv23_server_method();
@@ -846,8 +847,8 @@ int MAIN(int argc, char *argv[])
 			if (--argc < 1) goto bad;
 			tlsextcbp.servername= *(++argv);
 			}
-		else if (strcmp(*argv,"-servername_warn") == 0)
-			{ tlsextcbp.servername_warn = 0; }
+		else if (strcmp(*argv,"-servername_fatal") == 0)
+			{ tlsextcbp.extension_error = SSL_TLSEXT_ERR_ALERT_FATAL; }
 		else if	(strcmp(*argv,"-cert2") == 0)
 			{
 			if (--argc < 1) goto bad;
author	Bodo Möller <bodo@openssl.org>	2006-01-11 06:10:40 +0000
committer	Bodo Möller <bodo@openssl.org>	2006-01-11 06:10:40 +0000
commit	241520e66d3ece1054beae93ff96978d0299cae4 (patch)
tree	11e6149f50fb9e45aaba9635a138c93059c1c988 /apps/s_server.c
parent	a13c20f60353d3cd3fdd4f23563819eeb4234528 (diff)
download	openssl-241520e66d3ece1054beae93ff96978d0299cae4.tar.gz