apps/s_cb.c does not list all known TLS extension types when
tlsextdebug is used (not even all supported ones).
This patch adds the missing extension types currently defined by
IANA to ssl/tls1.h and apps/s_cb.c.
The definitions are reordered.
The patch works for 1.0.1-beta3 and the two snapshots of 0309.
diff -c -r openssl-1.0.1-beta3/apps/s_cb.c openssl-1.0.1-beta3ps/apps/s_cb.c
*** openssl-1.0.1-beta3/apps/s_cb.c 2012-02-11 14:31:16.000000000 +0100
--- openssl-1.0.1-beta3ps/apps/s_cb.c 2012-03-09 11:06:38.912461930 +0100
***************
*** 686,691 ****
--- 686,707 ----
extname = "status request";
break;
+ case TLSEXT_TYPE_user_mapping:
+ extname = "user mapping";
+ break;
+
+ case TLSEXT_TYPE_client_authz:
+ extname = "client authz";
+ break;
+
+ case TLSEXT_TYPE_server_authz:
+ extname = "server authz";
+ break;
+
+ case TLSEXT_TYPE_cert_type:
+ extname = "cert type";
+ break;
+
case TLSEXT_TYPE_elliptic_curves:
extname = "elliptic curves";
break;
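Review bot: Nothing in the added cases for user_mapping, client_authz, server_authz and cert_type ties this name table to the TLSEXT_TYPE_* list in ssl/tls1.h, and the patch description says the two had already drifted apart. A one-line comment at the top of the switch, such as `/* keep in sync with the TLSEXT_TYPE_* definitions in ssl/tls1.h */`, would remind whoever adds the next extension type to update the labels as well. The switch starts and ends outside this hunk, so the right place for the comment is probably above the visible lines.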
***************
*** 694,716 ****
extname = "EC point formats";
break;
! case TLSEXT_TYPE_session_ticket:
! extname = "server ticket";
! break;
!
! case TLSEXT_TYPE_renegotiate:
! extname = "renegotiate";
break;
case TLSEXT_TYPE_signature_algorithms:
extname = "signature algorithms";
break;
#ifdef TLSEXT_TYPE_opaque_prf_input
case TLSEXT_TYPE_opaque_prf_input:
extname = "opaque PRF input";
break;
#endif
default:
extname = "unknown";
--- 710,749 ----
extname = "EC point formats";
break;
! case TLSEXT_TYPE_srp:
! extname = "SRP";
break;
case TLSEXT_TYPE_signature_algorithms:
extname = "signature algorithms";
break;
+ case TLSEXT_TYPE_use_srtp:
+ extname = "use SRTP";
+ break;
+
+ case TLSEXT_TYPE_heartbeat:
+ extname = "heartbeat";
+ break;
+
+ case TLSEXT_TYPE_session_ticket:
+ extname = "session ticket";
+ break;
+
+ case TLSEXT_TYPE_renegotiate:
+ extname = "renegotiation info";
+ break;
+
#ifdef TLSEXT_TYPE_opaque_prf_input
case TLSEXT_TYPE_opaque_prf_input:
extname = "opaque PRF input";
break;
#endif
+ #ifdef TLSEXT_TYPE_next_proto_neg
+ case TLSEXT_TYPE_next_proto_neg:
+ extname = "next protocol";
+ break;
+ #endif
default:
extname = "unknown";
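Review bot: The tlsextdebug output changes for two existing extensions here, not only for the added ones: `TLSEXT_TYPE_session_ticket` goes from "server ticket" to "session ticket" and `TLSEXT_TYPE_renegotiate` from "renegotiate" to "renegotiation info". The new labels are more accurate, but any script or test that matches on the old strings will silently stop matching, and the description mentions only added types and reordering. I would add a sentence about the two renames to the description and the changelog so people who parse this output know to update their patterns. The switch continues outside the hunk on both sides.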
diff -c -r openssl-1.0.1-beta3/ssl/tls1.h openssl-1.0.1-beta3ps/ssl/tls1.h
*** openssl-1.0.1-beta3/ssl/tls1.h 2012-01-01 00:00:36.000000000 +0100
--- openssl-1.0.1-beta3ps/ssl/tls1.h 2012-03-09 11:06:46.300528079 +0100
***************
*** 197,216 ****
#define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114
#define TLS1_AD_UNKNOWN_PSK_IDENTITY 115 /* fatal */
! /* ExtensionType values from RFC3546 / RFC4366 */
#define TLSEXT_TYPE_server_name 0
#define TLSEXT_TYPE_max_fragment_length 1
#define TLSEXT_TYPE_client_certificate_url 2
#define TLSEXT_TYPE_trusted_ca_keys 3
#define TLSEXT_TYPE_truncated_hmac 4
#define TLSEXT_TYPE_status_request 5
/* ExtensionType values from RFC4492 */
#define TLSEXT_TYPE_elliptic_curves 10
#define TLSEXT_TYPE_ec_point_formats 11
/* ExtensionType value from RFC5054 */
#define TLSEXT_TYPE_srp 12
#define TLSEXT_TYPE_signature_algorithms 13
#define TLSEXT_TYPE_session_ticket 35
/* ExtensionType value from draft-rescorla-tls-opaque-prf-input-00.txt */
#if 0 /* will have to be provided externally for now ,
* i.e. build with -DTLSEXT_TYPE_opaque_prf_input=38183
--- 197,238 ----
#define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114
#define TLS1_AD_UNKNOWN_PSK_IDENTITY 115 /* fatal */
! /* ExtensionType values from RFC3546 / RFC4366 / RFC6066 */
#define TLSEXT_TYPE_server_name 0
#define TLSEXT_TYPE_max_fragment_length 1
#define TLSEXT_TYPE_client_certificate_url 2
#define TLSEXT_TYPE_trusted_ca_keys 3
#define TLSEXT_TYPE_truncated_hmac 4
#define TLSEXT_TYPE_status_request 5
+ /* ExtensionType values from RFC4681 */
+ #define TLSEXT_TYPE_user_mapping 6
+
+ /* ExtensionType values from RFC5878 */
+ #define TLSEXT_TYPE_client_authz 7
+ #define TLSEXT_TYPE_server_authz 8
+
+ /* ExtensionType values from RFC6091 */
+ #define TLSEXT_TYPE_cert_type 9
+
/* ExtensionType values from RFC4492 */
#define TLSEXT_TYPE_elliptic_curves 10
#define TLSEXT_TYPE_ec_point_formats 11
+
/* ExtensionType value from RFC5054 */
#define TLSEXT_TYPE_srp 12
+
+ /* ExtensionType values from RFC5246 */
#define TLSEXT_TYPE_signature_algorithms 13
+
+ /* ExtensionType value from RFC5764 */
+ #define TLSEXT_TYPE_use_srtp 14
+
+ /* ExtensionType value from RFC5620 */
+ #define TLSEXT_TYPE_heartbeat 15
+
+ /* ExtensionType value from RFC4507 */
#define TLSEXT_TYPE_session_ticket 35
+
/* ExtensionType value from draft-rescorla-tls-opaque-prf-input-00.txt */
#if 0 /* will have to be provided externally for now ,
* i.e. build with -DTLSEXT_TYPE_opaque_prf_input=38183
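Review bot: The comment added above `TLSEXT_TYPE_heartbeat` cites RFC5620, which looks like a digit transposition of RFC 6520 (the TLS/DTLS Heartbeat Extension); it should read `/* ExtensionType value from RFC6520 */`. The new comment above `TLSEXT_TYPE_session_ticket` cites RFC4507, which was obsoleted by RFC 5077. Writing `/* ExtensionType value from RFC4507 / RFC5077 */` would match the way the first comment in this hunk lists the superseding RFCs. These references are what a reader follows when checking an extension seen in a handshake trace, so a wrong number sends them to the wrong document.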
***************
*** 253,264 ****
#define TLSEXT_hash_sha384 5
#define TLSEXT_hash_sha512 6
- /* ExtensionType value from RFC5764 */
- #define TLSEXT_TYPE_use_srtp 14
-
- /* Heartbeat extension */
- #define TLSEXT_TYPE_heartbeat 15
-
#ifndef OPENSSL_NO_TLSEXT
#define TLSEXT_MAXLEN_host_name 255
--- 275,280 ----