make update
[oweals/openssl.git] / apps / s_client.c
index 86b5f6e45b22a1e2384ae9a6ccfeceac81024276..54a32ece6bfac7b92e87ba98e7e2df06ad6c9132 100644 (file)
@@ -287,7 +287,7 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
        {
-       int off=0;
+       int off=0, clr = 0;
        SSL *con=NULL,*con2=NULL;
        X509_STORE *store = NULL;
        int s,k,width,state=0;
@@ -345,13 +345,7 @@ int MAIN(int argc, char **argv)
        char *jpake_secret = NULL;
 #endif
 
-#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
        meth=SSLv23_client_method();
-#elif !defined(OPENSSL_NO_SSL3)
-       meth=SSLv3_client_method();
-#elif !defined(OPENSSL_NO_SSL2)
-       meth=SSLv2_client_method();
-#endif
 
        apps_startup();
        c_Pause=0;
@@ -539,6 +533,10 @@ int MAIN(int argc, char **argv)
                        off|=SSL_OP_CIPHER_SERVER_PREFERENCE;
                else if (strcmp(*argv,"-legacy_renegotiation") == 0)
                        off|=SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
+               else if (strcmp(*argv,"-legacy_server_connect") == 0)
+                       { off|=SSL_OP_LEGACY_SERVER_CONNECT; }
+               else if (strcmp(*argv,"-no_legacy_server_connect") == 0)
+                       { clr|=SSL_OP_LEGACY_SERVER_CONNECT; }
                else if (strcmp(*argv,"-cipher") == 0)
                        {
                        if (--argc < 1) goto bad;
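Review bot: The two new branches accumulate into separate masks (`off` and `clr`), so when both `-legacy_server_connect` and `-no_legacy_server_connect` appear on the command line the result does not depend on their order. The clear added in the later `bad:` hunk runs after `SSL_CTX_set_options`, so the "no" form always wins. If last-option-wins is the intent, each branch should cancel the other mask, e.g. `{ off|=SSL_OP_LEGACY_SERVER_CONNECT; clr&=~SSL_OP_LEGACY_SERVER_CONNECT; }` and `{ clr|=SSL_OP_LEGACY_SERVER_CONNECT; off&=~SSL_OP_LEGACY_SERVER_CONNECT; }`. Otherwise the fixed precedence should be stated in a comment here and in the usage text, which is not visible in this diff. The one-line braced bodies also differ from the unbraced single-statement branches just above. The option-parsing loop of MAIN starts and ends outside this hunk.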
@@ -713,6 +711,9 @@ bad:
                SSL_CTX_set_options(ctx,SSL_OP_ALL|off);
        else
                SSL_CTX_set_options(ctx,off);
+
+       if (clr)
+               SSL_CTX_clear_options(ctx, clr);
        /* DTLS: partial reads end up discarding unread UDP bytes :-( 
         * Setting read ahead solves this problem.
         */
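Review bot: The new `if (clr) SSL_CTX_clear_options(ctx, clr);` has no comment saying why it must come after both `SSL_CTX_set_options` calls. A later reorder could silently re-enable the bit through `SSL_OP_ALL|off`, or through a library default if the context starts with it set (the default is not visible here). I would add a comment above it along the lines of `/* Clear last: SSL_OP_LEGACY_SERVER_CONNECT may already be on by default or via SSL_OP_ALL; it permits connecting to servers without secure renegotiation support. */`. That also records the security meaning for anyone who uses s_client to check whether a server supports secure renegotiation. MAIN continues outside this hunk.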