author | Scott Deboy <sdeboy@secondstryke.com> | 2013-06-18 14:34:38 -0700 |
---|---|---|
committer | Ben Laurie <ben@links.org> | 2013-09-06 13:59:13 +0100 |
commit | 36086186a9b90cdad0d2cd0a598a10f03f8f4bcc (patch) | |
tree | a145840fa49b4951e052274b00a6cd9296964954 /doc/apps | |
parent | cda01d55ba9f238d8892c8e909580030ea5b3ebd (diff) | |
download | openssl-36086186a9b90cdad0d2cd0a598a10f03f8f4bcc.tar.gz |
Add callbacks supporting generation and retrieval of supplemental data entries, facilitating RFC 5878 (TLS auth extensions)
Removed prior audit proof logic - audit proof support was implemented using the generic TLS extension API
Tests exercising the new supplemental data registration and callback api can be found in ssltest.c.
Implemented changes to s_server and s_client to exercise supplemental data callbacks via the -auth argument, as well as additional flags to exercise supplemental data being sent only during renegotiation.
Diffstat (limited to 'doc/apps')
-rw-r--r-- | doc/apps/s_client.pod | 11 |
-rw-r--r-- | doc/apps/s_server.pod | 18 |
2 files changed, 28 insertions, 1 deletions
diff --git a/doc/apps/s_client.pod b/doc/apps/s_client.pod index a37c4e2b7c..85e5b9cecb 100644 --- a/doc/apps/s_client.pod +++ b/doc/apps/s_client.pod @@ -45,6 +45,8 @@ B<openssl> B<s_client> [B<-sess_in filename>] [B<-rand file(s)>] [B<-serverinfo types>] +[B<-auth>] +[B<-auth_require_reneg>] =head1 DESCRIPTION @@ -272,6 +274,15 @@ a list of comma-separated TLS Extension Types (numbers between 0 and The server's response (if any) will be encoded and displayed as a PEM file. +=item B<-auth> + +send RFC 5878 client and server authorization extensions in the Client Hello as well as +supplemental data if the server also sent the authorization extensions in the Server Hello. + +=item B<-auth_require_reneg> + +only send RFC 5878 client and server authorization extensions during renegotiation. + =back =head1 CONNECTED COMMANDS diff --git a/doc/apps/s_server.pod b/doc/apps/s_server.pod index cd167d11bc..ddfc27de4e 100644 --- a/doc/apps/s_server.pod +++ b/doc/apps/s_server.pod @@ -57,7 +57,9 @@ B<openssl> B<s_server> [B<-id_prefix arg>] [B<-rand file(s)>] [B<-serverinfo file>] - +[B<-auth>] +[B<-auth_require_reneg>] +[B<-no_resumption_on_reneg>] =head1 DESCRIPTION The B<s_server> command implements a generic SSL/TLS server which listens 
@@ -315,6 +317,20 @@ followed by "length" bytes of extension data). If the client sends an empty TLS ClientHello extension matching the type, the corresponding ServerHello extension will be returned. +=item B<-auth> + +send RFC 5878 client and server authorization extensions in the Client Hello as well as +supplemental data if the server also sent the authorization extensions in the Server Hello. + +=item B<-auth_require_reneg> + +only send RFC 5878 client and server authorization extensions during renegotiation. + +=item B<-no_resumption_on_reneg> + +set SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION flag. Required in order to receive supplemental data +during renegotiation if auth and auth_require_reneg are set. + =back =head1 CONNECTED COMMANDS |
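Review bot: in the s_client.pod options hunk (@@ -272,6 +274,15 @@), the B<-auth_require_reneg> entry does not say that it only has an effect together with B<-auth>, although the s_server.pod text for B<-no_resumption_on_reneg> treats the two as a pair ("if auth and auth_require_reneg are set"). State the dependency in the entry itself. The B<-auth> sentence is also ambiguous about whether "if the server also sent the authorization extensions" conditions only the supplemental data or the extensions as well; splitting it into two sentences would remove the doubt.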
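Review bot: in the s_server.pod synopsis hunk (@@ -57,7 +57,9 @@), the one removed line is the blank line that separated the option list from =head1 DESCRIPTION, so the heading now sits directly under [B<-no_resumption_on_reneg>]. POD paragraphs are delimited by blank lines and the heading should start its own paragraph; the matching s_client.pod hunk (@@ -45,6 +45,8 @@) adds its options without removing anything. Keep the empty line and insert the three new options above it.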
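Review bot: in the s_server.pod options hunk (@@ -315,6 +317,20 @@), the B<-auth> entry is a verbatim copy of the s_client.pod text: it says the extensions are sent "in the Client Hello" and that supplemental data follows "if the server also sent the authorization extensions in the Server Hello", which describes the client's side of the exchange. Reword it for the server, i.e. what s_server puts in the Server Hello and under what condition it sends supplemental data. In the B<-no_resumption_on_reneg> entry, "auth and auth_require_reneg" should be written as B<-auth> and B<-auth_require_reneg> to match the rest of the page.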