openssl-0.9.8x-tls-extensions.patch revision 252190
1139823SimpThis patch adds support for TLS SessionTicket extension (RFC 5077) for 2133920Sandrethe parts used by EAP-FAST (RFC 4851). 3133920Sandre 4133920SandreThis is based on the patch from Alexey Kobozev <akobozev@cisco.com> 5133920Sandre(sent to openssl-dev mailing list on Tue, 07 Jun 2005 15:40:58 +0300). 6133920Sandre 7133920SandreOpenSSL 0.9.8x does not enable TLS extension support by default, so it 8133920Sandrewill need to be enabled by adding enable-tlsext to config script 9133920Sandrecommand line. 10133920Sandre 11133920Sandre 12133920Sandrediff -upr openssl-0.9.8x.orig/ssl/s3_clnt.c openssl-0.9.8x/ssl/s3_clnt.c 13133920Sandre--- openssl-0.9.8x.orig/ssl/s3_clnt.c 2011-12-26 21:38:28.000000000 +0200 14133920Sandre+++ openssl-0.9.8x/ssl/s3_clnt.c 2012-07-07 10:46:31.501140621 +0300 15133920Sandre@@ -757,6 +757,21 @@ int ssl3_get_server_hello(SSL *s) 16133920Sandre goto f_err; 17133920Sandre } 18133920Sandre 19133920Sandre+#ifndef OPENSSL_NO_TLSEXT 20133920Sandre+ /* check if we want to resume the session based on external pre-shared secret */ 21133920Sandre+ if (s->version >= TLS1_VERSION && s->tls_session_secret_cb) 22133920Sandre+ { 23133920Sandre+ SSL_CIPHER *pref_cipher=NULL; 24133920Sandre+ s->session->master_key_length=sizeof(s->session->master_key); 25133920Sandre+ if (s->tls_session_secret_cb(s, s->session->master_key, &s->session->master_key_length, 26133920Sandre+ NULL, &pref_cipher, s->tls_session_secret_cb_arg)) 27172467Ssilby+ { 28172467Ssilby+ s->session->cipher=pref_cipher ? 
29172467Ssilby+ pref_cipher : ssl_get_cipher_by_char(s,p+j); 30134346Sru+ } 31133920Sandre+ } 32133920Sandre+#endif /* OPENSSL_NO_TLSEXT */ 33133920Sandre+ 34133920Sandre if (j != 0 && j == s->session->session_id_length 35133920Sandre && memcmp(p,s->session->session_id,j) == 0) 36133920Sandre { 37134383Sandre@@ -2725,11 +2740,8 @@ int ssl3_check_finished(SSL *s) 38152928Sume { 39133920Sandre int ok; 40133920Sandre long n; 41133920Sandre- /* If we have no ticket or session ID is non-zero length (a match of 42133920Sandre- * a non-zero session length would never reach here) it cannot be a 43133920Sandre- * resumed session. 44133920Sandre- */ 45133920Sandre- if (!s->session->tlsext_tick || s->session->session_id_length) 46133920Sandre+ /* If we have no ticket it cannot be a resumed session. */ 47133920Sandre+ if (!s->session->tlsext_tick) 48133920Sandre return 1; 49133920Sandre /* this function is called when we really expect a Certificate 50133920Sandre * message, so permit appropriate message length */ 51133920Sandrediff -upr openssl-0.9.8x.orig/ssl/s3_srvr.c openssl-0.9.8x/ssl/s3_srvr.c 52133920Sandre--- openssl-0.9.8x.orig/ssl/s3_srvr.c 2012-02-16 17:21:17.000000000 +0200 53133920Sandre+++ openssl-0.9.8x/ssl/s3_srvr.c 2012-07-07 10:46:31.501140621 +0300 54133920Sandre@@ -1009,6 +1009,59 @@ int ssl3_get_client_hello(SSL *s) 55133920Sandre SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT); 56133920Sandre goto err; 57133920Sandre } 58133920Sandre+ 59133920Sandre+ /* Check if we want to use external pre-shared secret for this 60133920Sandre+ * handshake for not reused session only. We need to generate 61133920Sandre+ * server_random before calling tls_session_secret_cb in order to allow 62133920Sandre+ * SessionTicket processing to use it in key derivation. 
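Review bot: After `s->tls_session_secret_cb(...)` returns non-zero in ssl3_get_server_hello, `s->session->master_key_length` is used exactly as the callback left it; nothing checks that it is positive and no larger than `sizeof(s->session->master_key)`. A callback that reports a zero, negative or oversized length leaves the session with a master-secret length the later key derivation was not written to handle. Inside the success branch I would add `if (s->session->master_key_length <= 0 || s->session->master_key_length > (int)sizeof(s->session->master_key))` and fail the handshake via `goto f_err`; the matching call added to ssl3_get_client_hello in s3_srvr.c needs the same guard. The fallback `ssl_get_cipher_by_char(s,p+j)` result is also stored into `s->session->cipher` unchecked, and it presumably can be NULL for an unknown suite. The function body continues outside the hunk.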
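Review bot: The shortened comment in ssl3_check_finished, `/* If we have no ticket it cannot be a resumed session. */`, no longer explains why a session with a non-zero `session_id_length` may now reach the Finished peek, which the removed comment said could not happen. Presumably this is for sessions that carry an application-supplied ticket together with a session ID, but that is not visible here. I would extend the comment to something like `/* A ticket set through SSL_set_session_ticket_ext() may accompany a non-empty session ID, so only the missing-ticket case rules out resumption. */` once the author confirms the reason.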
*/ 63133920Sandre+ { 64141351Sglebius+ unsigned long Time; 65141351Sglebius+ unsigned char *pos; 66133920Sandre+ Time=(unsigned long)time(NULL); /* Time */ 67133920Sandre+ pos=s->s3->server_random; 68158470Smlaier+ l2n(Time,pos); 69158470Smlaier+ if (RAND_pseudo_bytes(pos,SSL3_RANDOM_SIZE-4) <= 0) 70158470Smlaier+ { 71158470Smlaier+ al=SSL_AD_INTERNAL_ERROR; 72133920Sandre+ goto f_err; 73158470Smlaier+ } 74158470Smlaier+ } 75133920Sandre+ 76133920Sandre+ if (!s->hit && s->version >= TLS1_VERSION && s->tls_session_secret_cb) 77133920Sandre+ { 78136714Sandre+ SSL_CIPHER *pref_cipher=NULL; 79136714Sandre+ 80136714Sandre+ s->session->master_key_length=sizeof(s->session->master_key); 81141351Sglebius+ if(s->tls_session_secret_cb(s, s->session->master_key, &s->session->master_key_length, 82141351Sglebius+ ciphers, &pref_cipher, s->tls_session_secret_cb_arg)) 83141351Sglebius+ { 84136714Sandre+ s->hit=1; 85136714Sandre+ s->session->ciphers=ciphers; 86133920Sandre+ s->session->verify_result=X509_V_OK; 87133920Sandre+ 88133920Sandre+ ciphers=NULL; 89133920Sandre+ 90135920Smlaier+ /* check if some cipher was preferred by call back */ 91135920Smlaier+ pref_cipher=pref_cipher ? 
pref_cipher : ssl3_choose_cipher(s, s->session->ciphers, SSL_get_ciphers(s)); 92133920Sandre+ if (pref_cipher == NULL) 93133920Sandre+ { 94141351Sglebius+ al=SSL_AD_HANDSHAKE_FAILURE; 95133920Sandre+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_SHARED_CIPHER); 96133920Sandre+ goto f_err; 97133920Sandre+ } 98140224Sglebius+ 99133920Sandre+ s->session->cipher=pref_cipher; 100133920Sandre+ 101133920Sandre+ if (s->cipher_list) 102133920Sandre+ sk_SSL_CIPHER_free(s->cipher_list); 103133920Sandre+ 104133920Sandre+ if (s->cipher_list_by_id) 105133920Sandre+ sk_SSL_CIPHER_free(s->cipher_list_by_id); 106133920Sandre+ 107173399Soleg+ s->cipher_list = sk_SSL_CIPHER_dup(s->session->ciphers); 108173399Soleg+ s->cipher_list_by_id = sk_SSL_CIPHER_dup(s->session->ciphers); 109173399Soleg+ } 110173399Soleg+ } 111173399Soleg #endif 112173399Soleg /* Worst case, we will use the NULL compression, but if we have other 113173399Soleg * options, we will now look for them. We have i-1 compression 114173399Soleg@@ -1147,16 +1200,22 @@ int ssl3_send_server_hello(SSL *s) 115173399Soleg unsigned char *buf; 116173399Soleg unsigned char *p,*d; 117138652Sglebius int i,sl; 118138652Sglebius- unsigned long l,Time; 119133920Sandre+ unsigned long l; 120133920Sandre+#ifdef OPENSSL_NO_TLSEXT 121133920Sandre+ unsigned long Time; 122133920Sandre+#endif 123133920Sandre 124133920Sandre if (s->state == SSL3_ST_SW_SRVR_HELLO_A) 125133920Sandre { 126133920Sandre buf=(unsigned char *)s->init_buf->data; 127133920Sandre+#ifdef OPENSSL_NO_TLSEXT 128135920Smlaier p=s->s3->server_random; 129133920Sandre+ /* Generate server_random if it was not needed previously */ 130133920Sandre Time=(unsigned long)time(NULL); /* Time */ 131140224Sglebius l2n(Time,p); 132133920Sandre if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0) 133140224Sglebius return -1; 134140224Sglebius+#endif 135133920Sandre /* Do the message type and length last */ 136140224Sglebius d=p= &(buf[4]); 137140224Sglebius 138140224Sglebiusdiff -upr 
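Review bot: In the ssl3_get_client_hello hunk both `sk_SSL_CIPHER_dup(s->session->ciphers)` results are stored into `s->cipher_list` and `s->cipher_list_by_id` without a NULL check, after the previous lists have already been freed, so an allocation failure leaves the connection with no cipher list rather than a handshake error. Adding `if (s->cipher_list == NULL || s->cipher_list_by_id == NULL) { al=SSL_AD_INTERNAL_ERROR; goto f_err; }` right after the two assignments would surface the failure. Separately, `s->session->verify_result=X509_V_OK;` is set purely because the callback returned non-zero; a comment such as `/* peer is authenticated by the externally supplied secret, not by a certificate chain */` would make that trust decision explicit for anyone auditing the resumption path. The enclosing function starts and ends outside the hunk.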
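Review bot: In TLSEXT builds ssl3_send_server_hello no longer fills `s->s3->server_random`, so it now depends on ssl3_get_client_hello having generated it on every path that reaches SSL3_ST_SW_SRVR_HELLO_A, and nothing in the new code states that dependency. The added comment `/* Generate server_random if it was not needed previously */` sits inside `#ifdef OPENSSL_NO_TLSEXT` and reads as if the decision were made at run time. I would reword it to `/* Without TLS extensions server_random was not generated in ssl3_get_client_hello(), so generate it here */`. Whether every entry into this state passes through the ClientHello code first cannot be confirmed from the hunk, so that is worth checking against the state machine.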
openssl-0.9.8x.orig/ssl/ssl_err.c openssl-0.9.8x/ssl/ssl_err.c 139140224Sglebius--- openssl-0.9.8x.orig/ssl/ssl_err.c 2012-03-12 16:50:55.000000000 +0200 140133920Sandre+++ openssl-0.9.8x/ssl/ssl_err.c 2012-07-07 10:46:31.501140621 +0300 141133920Sandre@@ -264,6 +264,7 @@ static ERR_STRING_DATA SSL_str_functs[]= 142133920Sandre {ERR_FUNC(SSL_F_TLS1_ENC), "TLS1_ENC"}, 143133920Sandre {ERR_FUNC(SSL_F_TLS1_SETUP_KEY_BLOCK), "TLS1_SETUP_KEY_BLOCK"}, 144133920Sandre {ERR_FUNC(SSL_F_WRITE_PENDING), "WRITE_PENDING"}, 145133920Sandre+{ERR_FUNC(SSL_F_SSL_SET_SESSION_TICKET_EXT), "SSL_set_session_ticket_ext"}, 146133920Sandre {0,NULL} 147133920Sandre }; 148133920Sandre 149133920Sandrediff -upr openssl-0.9.8x.orig/ssl/ssl.h openssl-0.9.8x/ssl/ssl.h 150133920Sandre--- openssl-0.9.8x.orig/ssl/ssl.h 2012-03-12 16:50:55.000000000 +0200 151133920Sandre+++ openssl-0.9.8x/ssl/ssl.h 2012-07-07 10:46:31.501140621 +0300 152133920Sandre@@ -344,6 +344,7 @@ extern "C" { 153140224Sglebius * 'struct ssl_st *' function parameters used to prototype callbacks 154133920Sandre * in SSL_CTX. 
*/ 155140224Sglebius typedef struct ssl_st *ssl_crock_st; 156140224Sglebius+typedef struct tls_session_ticket_ext_st TLS_SESSION_TICKET_EXT; 157140224Sglebius 158140224Sglebius /* used to hold info on the particular ciphers used */ 159140224Sglebius typedef struct ssl_cipher_st 160140224Sglebius@@ -362,6 +363,9 @@ typedef struct ssl_cipher_st 161140224Sglebius 162145246Sbrooks DECLARE_STACK_OF(SSL_CIPHER) 163173399Soleg 164145246Sbrooks+typedef int (*tls_session_ticket_ext_cb_fn)(SSL *s, const unsigned char *data, int len, void *arg); 165173399Soleg+typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len, STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg); 166173399Soleg+ 167173399Soleg /* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */ 168140224Sglebius typedef struct ssl_method_st 169140224Sglebius { 170140224Sglebius@@ -1050,6 +1054,18 @@ struct ssl_st 171140224Sglebius 172140224Sglebius /* RFC4507 session ticket expected to be received or sent */ 173140224Sglebius int tlsext_ticket_expected; 174140224Sglebius+ 175140224Sglebius+ /* TLS Session Ticket extension override */ 176140224Sglebius+ TLS_SESSION_TICKET_EXT *tlsext_session_ticket; 177140224Sglebius+ 178140224Sglebius+ /* TLS Session Ticket extension callback */ 179144712Sglebius+ tls_session_ticket_ext_cb_fn tls_session_ticket_ext_cb; 180144712Sglebius+ void *tls_session_ticket_ext_cb_arg; 181140224Sglebius+ 182144712Sglebius+ /* TLS pre-shared secret session resumption */ 183140224Sglebius+ tls_session_secret_cb_fn tls_session_secret_cb; 184141351Sglebius+ void *tls_session_secret_cb_arg; 185141351Sglebius+ 186141351Sglebius SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */ 187141351Sglebius #define session_ctx initial_ctx 188141351Sglebius #else 189141351Sglebius@@ -1663,6 +1679,15 @@ void *SSL_COMP_get_compression_methods(v 190141351Sglebius int SSL_COMP_add_compression_method(int id,void *cm); 191141351Sglebius #endif 192141351Sglebius 
193141351Sglebius+/* TLS extensions functions */ 194165648Spiso+int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len); 195165648Spiso+ 196165648Spiso+int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb, 197141351Sglebius+ void *arg); 198140224Sglebius+ 199140224Sglebius+/* Pre-shared secret session resumption functions */ 200140224Sglebius+int SSL_set_session_secret_cb(SSL *s, tls_session_secret_cb_fn tls_session_secret_cb, void *arg); 201140224Sglebius+ 202133920Sandre /* BEGIN ERROR CODES */ 203133920Sandre /* The following lines are auto generated by the script mkerr.pl. Any changes 204133920Sandre * made after this point may be overwritten when the script is next run. 205133920Sandre@@ -1866,6 +1891,7 @@ void ERR_load_SSL_strings(void); 206133920Sandre #define SSL_F_TLS1_ENC 210 207133920Sandre #define SSL_F_TLS1_SETUP_KEY_BLOCK 211 208133920Sandre #define SSL_F_WRITE_PENDING 212 209133920Sandre+#define SSL_F_SSL_SET_SESSION_TICKET_EXT 213 210133920Sandre 211133920Sandre /* Reason codes. 
*/ 212135920Smlaier #define SSL_R_APP_DATA_IN_HANDSHAKE 100 213135920Smlaierdiff -upr openssl-0.9.8x.orig/ssl/ssl_sess.c openssl-0.9.8x/ssl/ssl_sess.c 214133920Sandre--- openssl-0.9.8x.orig/ssl/ssl_sess.c 2010-02-01 18:48:40.000000000 +0200 215133920Sandre+++ openssl-0.9.8x/ssl/ssl_sess.c 2012-07-07 10:46:31.501140621 +0300 216141351Sglebius@@ -712,6 +712,61 @@ long SSL_CTX_get_timeout(const SSL_CTX * 217133920Sandre return(s->session_timeout); 218133920Sandre } 219133920Sandre 220140224Sglebius+#ifndef OPENSSL_NO_TLSEXT 221133920Sandre+int SSL_set_session_secret_cb(SSL *s, int (*tls_session_secret_cb)(SSL *s, void *secret, int *secret_len, 222133920Sandre+ STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg), void *arg) 223133920Sandre+ { 224133920Sandre+ if (s == NULL) return(0); 225133920Sandre+ s->tls_session_secret_cb = tls_session_secret_cb; 226133920Sandre+ s->tls_session_secret_cb_arg = arg; 227133920Sandre+ return(1); 228133920Sandre+ } 229173399Soleg+ 230173399Soleg+int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb, 231173399Soleg+ void *arg) 232173399Soleg+ { 233173399Soleg+ if (s == NULL) return(0); 234173399Soleg+ s->tls_session_ticket_ext_cb = cb; 235173399Soleg+ s->tls_session_ticket_ext_cb_arg = arg; 236173399Soleg+ return(1); 237173399Soleg+ } 238173399Soleg+ 239138652Sglebius+int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len) 240138652Sglebius+ { 241133920Sandre+ if (s->version >= TLS1_VERSION) 242133920Sandre+ { 243133920Sandre+ if (s->tlsext_session_ticket) 244133920Sandre+ { 245133920Sandre+ OPENSSL_free(s->tlsext_session_ticket); 246133920Sandre+ s->tlsext_session_ticket = NULL; 247133920Sandre+ } 248133920Sandre+ 249133920Sandre+ s->tlsext_session_ticket = OPENSSL_malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len); 250133920Sandre+ if (!s->tlsext_session_ticket) 251135920Smlaier+ { 252133920Sandre+ SSLerr(SSL_F_SSL_SET_SESSION_TICKET_EXT, ERR_R_MALLOC_FAILURE); 253133920Sandre+ return 0; 
254140224Sglebius+ } 255133920Sandre+ 256140224Sglebius+ if (ext_data) 257140224Sglebius+ { 258133920Sandre+ s->tlsext_session_ticket->length = ext_len; 259140224Sglebius+ s->tlsext_session_ticket->data = s->tlsext_session_ticket + 1; 260140224Sglebius+ memcpy(s->tlsext_session_ticket->data, ext_data, ext_len); 261140224Sglebius+ } 262140224Sglebius+ else 263133920Sandre+ { 264133920Sandre+ s->tlsext_session_ticket->length = 0; 265133920Sandre+ s->tlsext_session_ticket->data = NULL; 266135167Sandre+ } 267133920Sandre+ 268133920Sandre+ return 1; 269135167Sandre+ } 270135167Sandre+ 271135167Sandre+ return 0; 272135167Sandre+ } 273133920Sandre+#endif /* OPENSSL_NO_TLSEXT */ 274133920Sandre+ 275133920Sandre typedef struct timeout_param_st 276133920Sandre { 277133920Sandre SSL_CTX *ctx; 278133920Sandrediff -upr openssl-0.9.8x.orig/ssl/t1_lib.c openssl-0.9.8x/ssl/t1_lib.c 279133920Sandre--- openssl-0.9.8x.orig/ssl/t1_lib.c 2012-01-04 16:25:10.000000000 +0200 280140224Sglebius+++ openssl-0.9.8x/ssl/t1_lib.c 2012-07-07 10:47:31.153140501 +0300 281133920Sandre@@ -106,6 +106,12 @@ int tls1_new(SSL *s) 282140224Sglebius 283140224Sglebius void tls1_free(SSL *s) 284140224Sglebius { 285140224Sglebius+#ifndef OPENSSL_NO_TLSEXT 286140224Sglebius+ if (s->tlsext_session_ticket) 287140224Sglebius+ { 288140224Sglebius+ OPENSSL_free(s->tlsext_session_ticket); 289145246Sbrooks+ } 290173399Soleg+#endif 291145246Sbrooks ssl3_free(s); 292173399Soleg } 293173399Soleg 294173399Soleg@@ -206,8 +212,23 @@ unsigned char *ssl_add_clienthello_tlsex 295140224Sglebius int ticklen; 296140224Sglebius if (!s->new_session && s->session && s->session->tlsext_tick) 297140224Sglebius ticklen = s->session->tlsext_ticklen; 298140224Sglebius+ else if (s->session && s->tlsext_session_ticket && 299140224Sglebius+ s->tlsext_session_ticket->data) 300140224Sglebius+ { 301140224Sglebius+ ticklen = s->tlsext_session_ticket->length; 302140224Sglebius+ s->session->tlsext_tick = OPENSSL_malloc(ticklen); 
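Review bot: `SSL_set_session_ticket_ext` uses `ext_len` without validating it. A negative value shrinks the `OPENSSL_malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len)` request and then converts to a very large size in `memcpy(s->tlsext_session_ticket->data, ext_data, ext_len)`, and a value above 65535 is silently truncated when stored in the `unsigned short length` field that tls1.h declares, so the recorded length no longer matches the copied data. Unlike the two setters added above it, the function also dereferences `s` without a NULL check. I would open the function with `if (s == NULL || ext_len < 0 || ext_len > 0xffff) return 0;` and document in ssl.h that `ext_data == NULL` means the extension is suppressed.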
303140224Sglebius+ if (!s->session->tlsext_tick) 304140224Sglebius+ return NULL; 305140224Sglebius+ memcpy(s->session->tlsext_tick, 306140224Sglebius+ s->tlsext_session_ticket->data, 307140224Sglebius+ ticklen); 308144712Sglebius+ s->session->tlsext_ticklen = ticklen; 309144712Sglebius+ } 310140224Sglebius else 311144712Sglebius ticklen = 0; 312140224Sglebius+ if (ticklen == 0 && s->tlsext_session_ticket && 313141351Sglebius+ s->tlsext_session_ticket->data == NULL) 314141351Sglebius+ goto skip_ext; 315141351Sglebius /* Check for enough room 2 for extension type, 2 for len 316141351Sglebius * rest for ticket 317141351Sglebius */ 318141351Sglebius@@ -221,6 +242,7 @@ unsigned char *ssl_add_clienthello_tlsex 319141351Sglebius ret += ticklen; 320141351Sglebius } 321141351Sglebius } 322141351Sglebius+ skip_ext: 323141351Sglebius 324165648Spiso if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp && 325165648Spiso s->version != DTLS1_VERSION) 326165648Spiso@@ -486,6 +508,15 @@ int ssl_parse_clienthello_tlsext(SSL *s, 327140224Sglebius return 0; 328140224Sglebius renegotiate_seen = 1; 329140224Sglebius } 330140224Sglebius+ else if (type == TLSEXT_TYPE_session_ticket) 331133920Sandre+ { 332133920Sandre+ if (s->tls_session_ticket_ext_cb && 333133920Sandre+ !s->tls_session_ticket_ext_cb(s, data, size, s->tls_session_ticket_ext_cb_arg)) 334133920Sandre+ { 335133920Sandre+ *al = TLS1_AD_INTERNAL_ERROR; 336133920Sandre+ return 0; 337133920Sandre+ } 338133920Sandre+ } 339133920Sandre else if (type == TLSEXT_TYPE_status_request && 340133920Sandre s->version != DTLS1_VERSION && s->ctx->tlsext_status_cb) 341133920Sandre { 342133920Sandre@@ -663,6 +694,12 @@ int ssl_parse_serverhello_tlsext(SSL *s, 343133920Sandre } 344135154Sandre else if (type == TLSEXT_TYPE_session_ticket) 345133920Sandre { 346133920Sandre+ if (s->tls_session_ticket_ext_cb && 347133920Sandre+ !s->tls_session_ticket_ext_cb(s, data, size, s->tls_session_ticket_ext_cb_arg)) 348133920Sandre+ { 349133920Sandre+ *al = 
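Review bot: `s->session->tlsext_tick = OPENSSL_malloc(ticklen);` in ssl_add_clienthello_tlsext overwrites whatever ticket pointer the session already holds. The new `else if` branch is also reached when `s->new_session` is set while `s->session->tlsext_tick` is non-NULL, and in that case the old buffer appears to leak. Freeing first with `if (s->session->tlsext_tick) OPENSSL_free(s->session->tlsext_tick);` before the allocation closes that. A zero `length` with non-NULL `data` also reaches `OPENSSL_malloc(0)`, which may return NULL and abort the ClientHello through `return NULL`, so a `ticklen > 0` condition on the branch is worth considering. The function body continues outside the hunk.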
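Review bot: The contract of `tls_session_ticket_ext_cb` is not documented anywhere in the patch, although ssl_parse_clienthello_tlsext hands it `data` and `size` taken directly from the peer's extension and turns a zero return into a fatal `TLS1_AD_INTERNAL_ERROR`. The same call is added to ssl_parse_serverhello_tlsext with the same gap. At the typedef in ssl.h I would add `/* data/len come from the peer's SessionTicket extension and must be treated as untrusted; return non-zero to continue, 0 to abort the handshake */`. It would also help to state whether the callback may keep the pointer after returning, which cannot be determined from the hunk.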
TLS1_AD_INTERNAL_ERROR; 350133920Sandre+ return 0; 351133920Sandre+ } 352133920Sandre if ((SSL_get_options(s) & SSL_OP_NO_TICKET) 353133920Sandre || (size > 0)) 354136714Sandre { 355136714Sandre@@ -920,6 +957,15 @@ int tls1_process_ticket(SSL *s, unsigned 356136714Sandre s->tlsext_ticket_expected = 1; 357136714Sandre return 0; /* Cache miss */ 358133920Sandre } 359133920Sandre+ if (s->tls_session_secret_cb) 360133920Sandre+ { 361133920Sandre+ /* Indicate cache miss here and instead of 362133920Sandre+ * generating the session from ticket now, 363133920Sandre+ * trigger abbreviated handshake based on 364133920Sandre+ * external mechanism to calculate the master 365133920Sandre+ * secret later. */ 366133920Sandre+ return 0; 367133920Sandre+ } 368133920Sandre return tls_decrypt_ticket(s, p, size, session_id, len, 369133920Sandre ret); 370133920Sandre } 371133920Sandrediff -upr openssl-0.9.8x.orig/ssl/tls1.h openssl-0.9.8x/ssl/tls1.h 372133920Sandre--- openssl-0.9.8x.orig/ssl/tls1.h 2009-11-08 16:51:54.000000000 +0200 373133920Sandre+++ openssl-0.9.8x/ssl/tls1.h 2012-07-07 10:46:31.501140621 +0300 374133920Sandre@@ -401,6 +401,13 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_T 375133920Sandre #define TLS_MD_MASTER_SECRET_CONST "\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74" /*master secret*/ 376133920Sandre #endif 377133920Sandre 378133920Sandre+/* TLS extension struct */ 379133920Sandre+struct tls_session_ticket_ext_st 380133920Sandre+ { 381133920Sandre+ unsigned short length; 382133920Sandre+ void *data; 383133920Sandre+ }; 384133920Sandre+ 385133920Sandre #ifdef __cplusplus 386133920Sandre } 387133920Sandre #endif 388133920Sandrediff -upr openssl-0.9.8x.orig/util/ssleay.num openssl-0.9.8x/util/ssleay.num 389133920Sandre--- openssl-0.9.8x.orig/util/ssleay.num 2008-06-05 13:57:21.000000000 +0300 390133920Sandre+++ openssl-0.9.8x/util/ssleay.num 2012-07-07 10:46:31.505140623 +0300 391133920Sandre@@ -242,3 +242,5 @@ SSL_set_SSL_CTX 392133920Sandre SSL_get_servername 
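Review bot: Once `s->tls_session_secret_cb` is set, the new early `return 0` in tls1_process_ticket skips `tls_decrypt_ticket` for every ticket, so ordinary ticket-based resumption is switched off for that SSL. Unlike the cache-miss branch just above it, `s->tlsext_ticket_expected` is left untouched, which presumably means no new ticket is issued. If that is the intended EAP-FAST behaviour the comment should say so, for example `/* With a session secret callback the ticket is opaque to OpenSSL: report a cache miss, never decrypt it here, and let the callback supply the master secret. */`. A short note in ssl.h next to `SSL_set_session_secret_cb` that registering the callback disables built-in ticket decryption would save integrators a surprise.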
291 EXIST::FUNCTION:TLSEXT 393133920Sandre SSL_get_servername_type 292 EXIST::FUNCTION:TLSEXT 394133920Sandre SSL_CTX_set_client_cert_engine 293 EXIST::FUNCTION:ENGINE 395133920Sandre+SSL_set_session_ticket_ext 306 EXIST::FUNCTION:TLSEXT 396133920Sandre+SSL_set_session_secret_cb 307 EXIST::FUNCTION:TLSEXT 397133920Sandre
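Review bot: `SSL_set_session_ticket_ext_cb` is declared in ssl.h and defined in ssl_sess.c by this patch, but only `SSL_set_session_ticket_ext` and `SSL_set_session_secret_cb` are added to util/ssleay.num. On builds that derive their export list from this file the callback setter would not be exported, leaving applications unable to register the ticket callback. I would add a third entry of the same form, `SSL_set_session_ticket_ext_cb <next free ordinal> EXIST::FUNCTION:TLSEXT`. The ordinals jump from 293 to 306 in the visible context, so the free number should be checked against the full file rather than taken from this hunk.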