author | Trevor <unsafe@trevp.net> | 2013-06-13 22:36:45 -0700 |
---|---|---|
committer | Ben Laurie <ben@links.org> | 2013-06-18 16:13:08 +0100 |
commit | 9cd50f738ff55eae2a64f872492d3a7ce115f18d (patch) | |
tree | ff3b9868dd02aa7b632d82a8f9ff9f7c0d8ebc18 /doc | |
parent | 8ee3c7e676c5edb1d5fbe0d66b7ce307a4f92899 (diff) | |
download | openssl-9cd50f738ff55eae2a64f872492d3a7ce115f18d.tar.gz |
Cleanup of custom extension stuff.
serverinfo rejects non-empty extensions.
Omit extension if no relevant serverinfo data.
Improve error-handling in serverinfo callback.
Cosmetic cleanups.
s_client documentation.
s_server documentation.
SSL_CTX_serverinfo documentation.
Cleanup -1 and NULL callback handling for custom extensions, add tests.
Cleanup ssl_rsa.c serverinfo code.
Whitespace cleanup.
Improve comments in ssl.h for serverinfo.
Whitespace.
Cosmetic cleanup.
Reject non-zero-len serverinfo extensions.
Whitespace.
Make it build.
Diffstat (limited to 'doc')
-rw-r--r-- | doc/apps/s_client.pod | 8 | ||||
-rw-r--r-- | doc/apps/s_server.pod | 9 | ||||
-rw-r--r-- | doc/ssl/SSL_CTX_use_serverinfo.pod | 45 |
3 files changed, 62 insertions, 0 deletions
diff --git a/doc/apps/s_client.pod b/doc/apps/s_client.pod index 32476acfc3..e8cc8712d2 100644 --- a/doc/apps/s_client.pod +++ b/doc/apps/s_client.pod @@ -43,6 +43,7 @@ B<openssl> B<s_client> [B<-sess_out filename>] [B<-sess_in filename>] [B<-rand file(s)>] +[B<-serverinfo types>] =head1 DESCRIPTION @@ -256,6 +257,13 @@ Multiple files can be specified separated by a OS-dependent character. The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for all others. +=item B<-serverinfo types> + +a list of comma-separated TLS Extension Types (numbers between 0 and +65535). Each type will be sent as an empty ClientHello TLS Extension. +The server's response (if any) will be encoded and displayed as a PEM +file. + =back =head1 CONNECTED COMMANDS diff --git a/doc/apps/s_server.pod b/doc/apps/s_server.pod index 2a08ee25e0..cd167d11bc 100644 --- a/doc/apps/s_server.pod +++ b/doc/apps/s_server.pod @@ -56,6 +56,7 @@ B<openssl> B<s_server> [B<-no_ticket>] [B<-id_prefix arg>] [B<-rand file(s)>] +[B<-serverinfo file>] =head1 DESCRIPTION @@ -306,6 +307,14 @@ Multiple files can be specified separated by a OS-dependent character. The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for all others. +=item B<-serverinfo file> + +a file containing one or more blocks of PEM data. Each PEM block +must encode a TLS ServerHello extension (2 bytes type, 2 bytes length, +followed by "length" bytes of extension data). If the client sends +an empty TLS ClientHello extension matching the type, the corresponding +ServerHello extension will be returned. + =back =head1 CONNECTED COMMANDS diff --git a/doc/ssl/SSL_CTX_use_serverinfo.pod b/doc/ssl/SSL_CTX_use_serverinfo.pod new file mode 100644 index 0000000000..485b813b83 --- /dev/null +++ b/doc/ssl/SSL_CTX_use_serverinfo.pod 
@@ -0,0 +1,45 @@ +=pod + +=head1 NAME + +SSL_CTX_use_serverinfo, SSL_CTX_use_serverinfo_file + +=head1 SYNOPSIS + + #include <openssl/ssl.h> + + int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo, + size_t serverinfo_length); + + int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file); + +=head1 DESCRIPTION + +These functions load "serverinfo" TLS ServerHello Extensions into the SSL_CTX. +A "serverinfo" extension is returned in response to an empty ClientHello +Extension. + +SSL_CTX_use_serverinfo_file() loads one or more serverinfo extensions from +a byte array into B<ctx>. The extensions must be concatenated into a +sequence of bytes. Each extension must consist of a 2-byte Extension Type, +a 2-byte length, and then length bytes of extension_data. + +SSL_CTX_use_serverinfo_file() loads one or more serverinfo extensions from +B<file> into B<ctx>. The extensions must be in PEM format. Each extension +must consist of a 2-byte Extension Type, a 2-byte length, and then length +bytes of extension_data. + +=head1 NOTES + +=head1 RETURN VALUES + +On success, the functions return 1. +On failure, the functions return 0. Check out the error stack to find out +the reason. + +=head1 SEE ALSO + +=head1 HISTORY + + +=cut |
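Review bot: In doc/apps/s_client.pod, the new B<-serverinfo types> item (hunk at -256,6 +257,13) says the server's response will be "encoded and displayed as a PEM file" without saying what the PEM body contains. State the encoding explicitly, ideally the same 2-byte type, 2-byte length, extension data layout that the s_server B<-serverinfo file> text in this patch describes, and say whether the output can be passed back to s_server unchanged. It would also help to say what happens when a listed type is not a number or falls outside 0 to 65535.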
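Review bot: In doc/apps/s_server.pod, the B<-serverinfo file> item (hunk at -306,6 +307,14) documents only the case where the client sends an empty matching extension, while the commit message says "serverinfo rejects non-empty extensions". Document what the server does when the matching ClientHello extension carries data (for example, whether the handshake fails or the extension is ignored), and what happens at startup when a PEM block's length field does not agree with the data that follows it.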
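Review bot: In the new doc/ssl/SSL_CTX_use_serverinfo.pod, the first of the two DESCRIPTION paragraphs that begin "SSL_CTX_use_serverinfo_file() loads" describes loading "from a byte array", which per the SYNOPSIS is SSL_CTX_use_serverinfo(ctx, serverinfo, serverinfo_length), so as written the buffer variant is undocumented and the file variant is described twice. Change the function name in that paragraph to SSL_CTX_use_serverinfo(). The NAME section also lacks the " - description" part after the function names, and NOTES, SEE ALSO and HISTORY are empty headings that should be filled in or dropped.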