BIO_clear_retry_flags(b);
-#if 0
- if (!SSL_is_init_finished(ssl)) {
-/* ret=SSL_do_handshake(ssl); */
- if (ret > 0) {
-
- outflags = (BIO_FLAGS_READ | BIO_FLAGS_SHOULD_RETRY);
- ret = -1;
- goto end;
- }
- }
-#endif
-/* if (ret > 0) */
ret = SSL_read(ssl, out, outl);
switch (SSL_get_error(ssl, ret)) {
if (is_complete) for (ii = (((msg_len) - 1) >> 3) - 1; ii >= 0 ; ii--) \
if (bitmask[ii] != 0xff) { is_complete = 0; break; } }
-#if 0
-# define RSMBLY_BITMASK_PRINT(bitmask, msg_len) { \
- long ii; \
- printf("bitmask: "); for (ii = 0; ii < (msg_len); ii++) \
- printf("%d ", (bitmask[ii >> 3] & (1 << (ii & 7))) >> (ii & 7)); \
- printf("\n"); }
-#endif
-
static unsigned char bitmask_start_values[] =
{ 0xff, 0xfe, 0xfc, 0xf8, 0xf0, 0xe0, 0xc0, 0x80 };
static unsigned char bitmask_end_values[] =
BIO_set_flags(SSL_get_rbio(s), BIO_FLAGS_READ);
return code;
}
-#if 0 /* for now, each alert contains only one
- * record number */
- item = pqueue_peek(state->rcvd_records);
- if (item) {
- /* send an alert immediately for all the missing records */
- } else
-#endif
-
-#if 0 /* no more alert sending, just retransmit the
- * last set of messages */
- if (state->timeout.read_timeouts >= DTLS1_TMO_READ_COUNT)
- ssl3_send_alert(s, SSL3_AL_WARNING,
- DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
-#endif
return dtls1_handle_timeout(s);
}
dtls1_hm_fragment_free(frag);
return 0;
}
-#if 0
- fprintf(stderr, "buffered messge: \ttype = %xx\n", msg_buf->type);
- fprintf(stderr, "\t\t\t\t\tlen = %d\n", msg_buf->len);
- fprintf(stderr, "\t\t\t\t\tseq_num = %d\n", msg_buf->seq_num);
-#endif
pqueue_insert(s->d1->sent_messages, item);
return 1;
/* clean a few things up */
ssl3_cleanup_key_block(s);
-#if 0
- if (s->init_buf != NULL) {
- BUF_MEM_free(s->init_buf);
- s->init_buf = NULL;
- }
-#endif
-
/*
* If we are not 'joining' the last two packets, remove the
* buffering now
}
data = (unsigned char *)s->init_msg;
-#if 0
- if (s->method->version != DTLS_ANY_VERSION &&
- ((data[0] != (s->version >> 8)) || (data[1] != (s->version & 0xff))))
- {
- SSLerr(SSL_F_DTLS1_GET_HELLO_VERIFY, SSL_R_WRONG_SSL_VERSION);
- s->version = (s->version & 0xff00) | data[1];
- al = SSL_AD_PROTOCOL_VERSION;
- goto f_err;
- }
-#endif
data += 2;
cookie_len = *(data++);
static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap);
static DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr,
unsigned int *is_next_epoch);
-#if 0
-static int dtls1_record_needs_buffering(SSL *s, SSL3_RECORD *rr,
- unsigned short *priority,
- unsigned long *offset);
-#endif
static int dtls1_buffer_record(SSL *s, record_pqueue *q,
unsigned char *priority);
static int dtls1_process_record(SSL *s);
return (1);
}
-#if 0
-
-static int dtls1_get_buffered_record(SSL *s)
-{
- pitem *item;
- PQ_64BIT priority =
- (((PQ_64BIT) s->d1->handshake_read_seq) << 32) |
- ((PQ_64BIT) s->d1->r_msg_hdr.frag_off);
-
- /* if we're not (re)negotiating, nothing buffered */
- if (!SSL_in_init(s))
- return 0;
-
- item = pqueue_peek(s->d1->rcvd_records);
- if (item && item->priority == priority) {
- /*
- * Check if we've received the record of interest. It must be a
- * handshake record, since data records as passed up without
- * buffering
- */
- DTLS1_RECORD_DATA *rdata;
- item = pqueue_pop(s->d1->rcvd_records);
- rdata = (DTLS1_RECORD_DATA *)item->data;
-
- if (s->s3->rbuf.buf != NULL)
- OPENSSL_free(s->s3->rbuf.buf);
-
- s->packet = rdata->packet;
- s->packet_length = rdata->packet_length;
- memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER));
- memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD));
-
- OPENSSL_free(item->data);
- pitem_free(item);
-
- /* s->d1->next_expected_seq_num++; */
- return (1);
- }
-
- return 0;
-}
-
-#endif
-
static int dtls1_process_record(SSL *s)
{
int i, al;
if (((s->state & SSL_ST_MASK) == SSL_ST_OK) &&
!(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) {
-#if 0 /* worked only because C operator preferences
- * are not as expected (and because this is
- * not really needed for clients except for
- * detecting protocol violations): */
- s->state = SSL_ST_BEFORE | (s->server)
- ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
-#else
s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
-#endif
s->renegotiate = 1;
s->new_session = 1;
}
goto err;
}
- /* DTLS implements explicit IV, so no need for empty fragments */
-#if 0
- /*
- * 'create_empty_fragment' is true only when this function calls itself
- */
- if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done
- && SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VER)
- {
- /*
- * countermeasure against known-IV weakness in CBC ciphersuites (see
- * http://www.openssl.org/~bodo/tls-cbc.txt)
- */
-
- if (s->s3->need_empty_fragments && type == SSL3_RT_APPLICATION_DATA) {
- /*
- * recursive function call with 'create_empty_fragment' set; this
- * prepares and buffers the data for an empty fragment (these
- * 'prefix_len' bytes are sent out later together with the actual
- * payload)
- */
- prefix_len = s->method->do_ssl_write(s, type, buf, 0, 1);
- if (prefix_len <= 0)
- goto err;
-
- if (s->s3->wbuf.len <
- (size_t)prefix_len + SSL3_RT_MAX_PACKET_SIZE) {
- /* insufficient space */
- SSLerr(SSL_F_DO_DTLS1_WRITE, ERR_R_INTERNAL_ERROR);
- goto err;
- }
- }
-
- s->s3->empty_fragment_done = 1;
- }
-#endif
p = wb->buf + prefix_len;
/* write the header */
wr->type = type; /* not needed but helps for debugging */
wr->length += DTLS1_RT_HEADER_LENGTH;
-#if 0 /* this is now done at the message layer */
- /* buffer the record, making it easy to handle retransmits */
- if (type == SSL3_RT_HANDSHAKE || type == SSL3_RT_CHANGE_CIPHER_SPEC)
- dtls1_buffer_record(s, wr->data, wr->length,
- *((PQ_64BIT *) & (s->s3->write_sequence[0])));
-#endif
-
ssl3_record_sequence_update(&(s->s3->write_sequence[0]));
if (create_empty_fragment) {
#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
if (s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE) {
s2n(s->d1->handshake_read_seq, ptr);
-# if 0
- if (s->d1->r_msg_hdr.frag_off == 0)
- /*
- * waiting for a new msg
- */
- else
- s2n(s->d1->r_msg_hdr.seq, ptr); /* partial msg read */
-# endif
-
-# if 0
- fprintf(stderr,
- "s->d1->handshake_read_seq = %d, s->d1->r_msg_hdr.seq = %d\n",
- s->d1->handshake_read_seq, s->d1->r_msg_hdr.seq);
-# endif
l2n3(s->d1->r_msg_hdr.frag_off, ptr);
}
#endif
return NULL;
}
-#if 0
-static int
-dtls1_record_needs_buffering(SSL *s, SSL3_RECORD *rr,
- unsigned short *priority, unsigned long *offset)
-{
-
- /* alerts are passed up immediately */
- if (rr->type == SSL3_RT_APPLICATION_DATA || rr->type == SSL3_RT_ALERT)
- return 0;
-
- /*
- * Only need to buffer if a handshake is underway. (this implies that
- * Hello Request and Client Hello are passed up immediately)
- */
- if (SSL_in_init(s)) {
- unsigned char *data = rr->data;
- /* need to extract the HM/CCS sequence number here */
- if (rr->type == SSL3_RT_HANDSHAKE ||
- rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) {
- unsigned short seq_num;
- struct hm_header_st msg_hdr;
- struct ccs_header_st ccs_hdr;
-
- if (rr->type == SSL3_RT_HANDSHAKE) {
- dtls1_get_message_header(data, &msg_hdr);
- seq_num = msg_hdr.seq;
- *offset = msg_hdr.frag_off;
- } else {
- dtls1_get_ccs_header(data, &ccs_hdr);
- seq_num = ccs_hdr.seq;
- *offset = 0;
- }
-
- /*
- * this is either a record we're waiting for, or a retransmit of
- * something we happened to previously receive (higher layers
- * will drop the repeat silently
- */
- if (seq_num < s->d1->handshake_read_seq)
- return 0;
- if (rr->type == SSL3_RT_HANDSHAKE &&
- seq_num == s->d1->handshake_read_seq &&
- msg_hdr.frag_off < s->d1->r_msg_hdr.frag_off)
- return 0;
- else if (seq_num == s->d1->handshake_read_seq &&
- (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC ||
- msg_hdr.frag_off == s->d1->r_msg_hdr.frag_off))
- return 0;
- else {
- *priority = seq_num;
- return 1;
- }
- } else /* unknown record type */
- return 0;
- }
-
- return 0;
-}
-#endif
-
void dtls1_reset_seq_numbers(SSL *s, int rw)
{
unsigned char *seq;
"SRTP_AES128_CM_SHA1_32",
SRTP_AES128_CM_SHA1_32,
},
-# if 0
- {
- "SRTP_NULL_SHA1_80",
- SRTP_NULL_SHA1_80,
- },
- {
- "SRTP_NULL_SHA1_32",
- SRTP_NULL_SHA1_32,
- },
-# endif
{0}
};
/* clean a few things up */
ssl3_cleanup_key_block(s);
-#if 0
- BUF_MEM_free(s->init_buf);
- s->init_buf = NULL;
-#endif
-
/* remove buffering on output */
ssl_free_wbio_buffer(s);
return;
}
fprintf(stderr, "%s [%p]\n", label, (void *)adata);
-# if 0
- {
- int i;
- fprintf(stderr, "%s[at%d:%d] ", label, adata->ad_type, adata->length);
- for (i = 0; i < adata->length; i++) {
- fprintf(stderr, (isprint(adata->contents[i])) ? "%c " : "%02x",
- adata->contents[i]);
- }
- fprintf(stderr, "\n");
- }
-# endif
}
/*
buf = (unsigned char *)s->init_buf->data;
if (s->state == SSL23_ST_CW_CLNT_HELLO_A) {
-#if 0
- /* don't reuse session-id's */
- if (!ssl_get_new_session(s, 0)) {
- return (-1);
- }
-#endif
-
p = s->s3->client_random;
if (ssl_fill_hello_random(s, 0, p, SSL3_RANDOM_SIZE) <= 0)
return -1;
s->s3->rbuf.left = 0;
s->s3->rbuf.offset = 0;
}
-#if 0 /* ssl3_get_client_hello does this */
- s->client_version = (v[0] << 8) | v[1];
-#endif
s->handshake_func = s->method->ssl_accept;
} else {
/* bad, very bad */
* client_version in client hello and not resetting it to
* the negotiated version.
*/
-#if 0
- *(p++) = s->version >> 8;
- *(p++) = s->version & 0xff;
- s->client_version = s->version;
-#else
*(p++) = s->client_version >> 8;
*(p++) = s->client_version & 0xff;
-#endif
/* Random stuff */
memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);
if (s->session->cipher)
s->session->cipher_id = s->session->cipher->id;
if (s->hit && (s->session->cipher_id != c->id)) {
-/* Workaround is now obsolete */
-#if 0
- if (!(s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG))
-#endif
- {
- al = SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
- SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);
- goto f_err;
- }
+ al = SSL_AD_ILLEGAL_PARAMETER;
+ SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
+ SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);
+ goto f_err;
}
s->s3->tmp.new_cipher = c;
/*
/* get the CA RDNs */
n2s(p, llen);
-#if 0
- {
- FILE *out;
- out = fopen("/tmp/vsign.der", "w");
- fwrite(p, 1, llen, out);
- fclose(out);
- }
-#endif
if ((unsigned long)(p - d + llen) != n) {
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
#endif /* OPENSSL_NO_CAMELLIA */
#if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
- /* New TLS Export CipherSuites from expired ID */
-# if 0
- /* Cipher 60 */
- {
- 1,
- TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5,
- TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5,
- SSL_kRSA,
- SSL_aRSA,
- SSL_RC4,
- SSL_MD5,
- SSL_TLSV1,
- SSL_EXPORT | SSL_EXP56,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 56,
- 128,
- },
-
- /* Cipher 61 */
- {
- 1,
- TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
- TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
- SSL_kRSA,
- SSL_aRSA,
- SSL_RC2,
- SSL_MD5,
- SSL_TLSV1,
- SSL_EXPORT | SSL_EXP56,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 56,
- 128,
- },
-# endif
-
/* Cipher 62 */
{
1,
ssl_minor = *(p++);
version = (ssl_major << 8) | ssl_minor;
n2s(p, rr->length);
-#if 0
- fprintf(stderr, "Record type=%d, Length=%d\n", rr->type, rr->length);
-#endif
/* Lets check version */
if (!s->first_packet) {
}
goto again;
}
-#if 0
- fprintf(stderr, "Ultimate Record type=%d, Length=%d\n", rr->type,
- rr->length);
-#endif
return (1);
goto err;
}
-#if 0 && !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
- if (type == SSL3_RT_APPLICATION_DATA && s->compress == NULL &&
- !SSL_USE_ETM(s) && SSL_USE_EXPLICIT_IV(s) &&
- EVP_CIPHER_flags(s->enc_write_ctx->cipher) &
- EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)
- do {
- unsigned char aad[13];
- EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM mb_param =
- { NULL, aad, sizeof(aad), 0 };
- int packlen;
-
- memcpy(aad, s->s3->write_sequence, 8);
- aad[8] = type;
- aad[9] = (unsigned char)(s->version >> 8);
- aad[10] = (unsigned char)(s->version);
- aad[11] = (unsigned char)(len >> 8);
- aad[12] = (unsigned char)len;
- packlen = EVP_CIPHER_CTX_ctrl(s->enc_write_ctx,
- EVP_CTRL_TLS1_1_MULTIBLOCK_AAD,
- sizeof(mb_param), &mb_param);
-
- if (packlen == 0 || packlen > wb->len)
- break;
-
- mb_param.out = wb->buf;
- mb_param.inp = buf;
- mb_param.len = len;
- EVP_CIPHER_CTX_ctrl(s->enc_write_ctx,
- EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT,
- sizeof(mb_param), &mb_param);
-
- s->s3->write_sequence[7] += mb_param.interleave;
- if (s->s3->write_sequence[7] < mb_param.interleave) {
- int j = 6;
- while (j >= 0 && (++s->s3->write_sequence[j--]) == 0) ;
- }
-
- wb->offset = 0;
- wb->left = packlen;
-
- /*
- * memorize arguments so that ssl3_write_pending can detect bad
- * write retries later
- */
- s->s3->wpend_tot = len;
- s->s3->wpend_buf = buf;
- s->s3->wpend_type = type;
- s->s3->wpend_ret = len;
-
- /* we now just need to write the buffer */
- return ssl3_write_pending(s, type, buf, len);
- } while (0);
-#endif
-
/*
* 'create_empty_fragment' is true only when this function calls itself
*/
if ((s->s3->handshake_fragment_len >= 4) && !s->in_handshake) {
if (((s->state & SSL_ST_MASK) == SSL_ST_OK) &&
!(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) {
-#if 0 /* worked only because C operator preferences
- * are not as expected (and because this is
- * not really needed for clients except for
- * detecting protocol violations): */
- s->state = SSL_ST_BEFORE | (s->server)
- ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
-#else
s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
-#endif
s->renegotiate = 1;
s->new_session = 1;
}
for (i = 0; i < SSL_PKEY_NUM; i++) {
if (sc->peer_pkeys[i].x509 != NULL)
X509_free(sc->peer_pkeys[i].x509);
-#if 0 /* We don't have the peer's private key.
- * These lines are just * here as a reminder
- * that we're still using a
- * not-quite-appropriate * data structure. */
+#if 0
+ /*
+ * We don't have the peer's private key. These lines are just
+ * here as a reminder that we're still using a not-quite-appropriate
+ * data structure.
+ */
if (sc->peer_pkeys[i].privatekey != NULL)
EVP_PKEY_free(sc->peer_pkeys[i].privatekey);
#endif
}
/* Set suite B flags if needed */
X509_STORE_CTX_set_flags(&ctx, tls1_suiteb(s));
-#if 0
- if (SSL_get_verify_depth(s) >= 0)
- X509_STORE_CTX_set_depth(&ctx, SSL_get_verify_depth(s));
-#endif
X509_STORE_CTX_set_ex_data(&ctx, SSL_get_ex_data_X509_STORE_CTX_idx(), s);
/*
s->hit = 0;
s->shutdown = 0;
-#if 0
- /*
- * Disabled since version 1.10 of this file (early return not
- * needed because SSL_clear is not called when doing renegotiation)
- */
- /*
- * This is set if we are doing dynamic renegotiation so keep
- * the old cipher. It is sort of a SSL_clear_lite :-)
- */
- if (s->renegotiate)
- return (1);
-#else
if (s->renegotiate) {
SSLerr(SSL_F_SSL_CLEAR, ERR_R_INTERNAL_ERROR);
return 0;
}
-#endif
s->type = 0;
s->client_version = s->version;
s->rwstate = SSL_NOTHING;
s->rstate = SSL_ST_READ_HEADER;
-#if 0
- s->read_ahead = s->ctx->read_ahead;
-#endif
if (s->init_buf != NULL) {
BUF_MEM_free(s->init_buf);
s->msg_callback_arg = ctx->msg_callback_arg;
s->verify_mode = ctx->verify_mode;
s->not_resumable_session_cb = ctx->not_resumable_session_cb;
-#if 0
- s->verify_depth = ctx->verify_depth;
-#endif
s->sid_ctx_length = ctx->sid_ctx_length;
OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx);
memcpy(&s->sid_ctx, &ctx->sid_ctx, sizeof(s->sid_ctx));
if (!s->param)
goto err;
X509_VERIFY_PARAM_inherit(s->param, ctx->param);
-#if 0
- s->purpose = ctx->purpose;
- s->trust = ctx->trust;
-#endif
s->quiet_shutdown = ctx->quiet_shutdown;
s->max_send_fragment = ctx->max_send_fragment;
ret->references = 1;
ret->quiet_shutdown = 0;
-
-/* ret->cipher=NULL;*/
-/*-
- ret->s2->challenge=NULL;
- ret->master_key=NULL;
- ret->s2->conn_id=NULL; */
-
ret->info_callback = NULL;
-
ret->app_verify_callback = 0;
ret->app_verify_arg = NULL;
-
ret->max_cert_list = SSL_MAX_CERT_LIST_DEFAULT;
ret->read_ahead = 0;
ret->msg_callback = 0;
ret->msg_callback_arg = NULL;
ret->verify_mode = SSL_VERIFY_NONE;
-#if 0
- ret->verify_depth = -1; /* Don't impose a limit (but x509_lu.c does) */
-#endif
ret->sid_ctx_length = 0;
ret->default_verify_callback = NULL;
if ((ret->cert = ssl_cert_new()) == NULL)
sk_X509_NAME_pop_free(a->client_CA, X509_NAME_free);
if (a->extra_certs != NULL)
sk_X509_pop_free(a->extra_certs, X509_free);
-#if 0 /* This should never be done, since it
- * removes a global database */
- if (a->comp_methods != NULL)
- sk_SSL_COMP_pop_free(a->comp_methods, SSL_COMP_free);
-#else
a->comp_methods = NULL;
-#endif
#ifndef OPENSSL_NO_SRTP
if (a->srtp_profiles)
if (rsa_enc_export || (rsa_tmp_export && (rsa_sign || rsa_enc)))
emask_k |= SSL_kRSA;
-#if 0
- /* The match needs to be both kDHE and aRSA or aDSA, so don't worry */
- if ((dh_tmp || dh_rsa || dh_dsa) && (rsa_enc || rsa_sign || dsa_sign))
- mask_k |= SSL_kDHE;
- if ((dh_tmp_export || dh_rsa_export || dh_dsa_export) &&
- (rsa_enc || rsa_sign || dsa_sign))
- emask_k |= SSL_kDHE;
-#endif
-
if (dh_tmp_export)
emask_k |= SSL_kDHE;
return (TLS1_AD_UNKNOWN_PSK_IDENTITY);
case SSL_AD_INAPPROPRIATE_FALLBACK:
return (TLS1_AD_INAPPROPRIATE_FALLBACK);
-#if 0
- /* not appropriate for TLS, not used for DTLS */
- case DTLS1_AD_MISSING_HANDSHAKE_MESSAGE:
- return (DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
-#endif
default:
return (-1);
}
if (data + size > (d + n))
goto ri_check;
-# if 0
- fprintf(stderr, "Received extension type %d size %d\n", type, size);
-# endif
if (s->tlsext_debug_cb)
s->tlsext_debug_cb(s, 0, type, data, size, s->tlsext_debug_arg);
if (type == TLSEXT_TYPE_renegotiate) {
memcpy(s->session->tlsext_ecpointformatlist, sdata,
ecpointformatlist_length);
}
-# if 0
- fprintf(stderr,
- "ssl_parse_clienthello_tlsext s->session->tlsext_ecpointformatlist (length=%i) ",
- s->session->tlsext_ecpointformatlist_length);
- sdata = s->session->tlsext_ecpointformatlist;
- for (i = 0; i < s->session->tlsext_ecpointformatlist_length; i++)
- fprintf(stderr, "%i ", *(sdata++));
- fprintf(stderr, "\n");
-# endif
} else if (type == TLSEXT_TYPE_elliptic_curves) {
unsigned char *sdata = data;
int ellipticcurvelist_length = (*(sdata++) << 8);
memcpy(s->session->tlsext_ellipticcurvelist, sdata,
ellipticcurvelist_length);
}
-# if 0
- fprintf(stderr,
- "ssl_parse_clienthello_tlsext s->session->tlsext_ellipticcurvelist (length=%i) ",
- s->session->tlsext_ellipticcurvelist_length);
- sdata = s->session->tlsext_ellipticcurvelist;
- for (i = 0; i < s->session->tlsext_ellipticcurvelist_length; i++)
- fprintf(stderr, "%i ", *(sdata++));
- fprintf(stderr, "\n");
-# endif
}
# endif /* OPENSSL_NO_EC */
else if (type == TLSEXT_TYPE_session_ticket) {
memcpy(s->session->tlsext_ecpointformatlist, sdata,
ecpointformatlist_length);
}
-# if 0
- fprintf(stderr,
- "ssl_parse_serverhello_tlsext s->session->tlsext_ecpointformatlist ");
- sdata = s->session->tlsext_ecpointformatlist;
- for (i = 0; i < s->session->tlsext_ecpointformatlist_length; i++)
- fprintf(stderr, "%i ", *(sdata++));
- fprintf(stderr, "\n");
-# endif
}
# endif /* OPENSSL_NO_EC */
(msg[3] << 8 | msg[4]),
(msg[5] << 8 | msg[6]),
(msg[7] << 8 | msg[8]), (msg[9] << 8 | msg[10]));
-# if 0
- /*
- * Just print handshake type so we can see what is going on
- * during fragmentation.
- */
- BIO_printf(bio, "(%s)\n",
- ssl_trace_str(msg[msglen], ssl_handshake_tbl));
-# endif
}
BIO_printf(bio, " Content Type = %s (%d)\n Length = %d",
projects / oweals / openssl.git / commitdiff