From 0f0e0ca9a5b2712a1e08b354a2d753695a387f8e Mon Sep 17 00:00:00 2001
From: Chris Conlon
Date: Thu, 1 Sep 2016 15:17:46 -0600
Subject: [PATCH] add extended master to example client
---
 examples/client/client.c | 45 +++++++++++++++++++++++++++++++++++++++-
 1 file changed, 44 insertions(+), 1 deletion(-)
diff --git a/examples/client/client.c b/examples/client/client.c
index ae61c1a5f..2129f0247 100644
--- a/examples/client/client.c
+++ b/examples/client/client.c
@@ -494,6 +494,9 @@ static void Usage(void)
 #ifdef HAVE_TRUNCATED_HMAC
 printf("-T Use Truncated HMAC\n");
 #endif
+#ifdef HAVE_EXTENDED_MASTER
+ printf("-n Use Extended Master Secret\n");
+#endif
 #ifdef HAVE_OCSP
 printf("-o Perform OCSP lookup on peer certificate\n");
 printf("-O Perform OCSP lookup using as responder\n");
@@ -609,6 +612,9 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
 byte statusRequest = 0;
 #endif
+#ifdef HAVE_EXTENDED_MASTER
+ byte extMasterSecret = 0;
+#endif
 #ifdef HAVE_OCSP
@@ -651,7 +657,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 #ifndef WOLFSSL_VXWORKS
 while ((ch = mygetopt(argc, argv,
- "?gdeDuGsmNrwRitfxXUPCVh:p:v:l:A:c:k:Z:b:zS:F:L:ToO:aB:W:E:M:q:"))
+ "?gdeDuGsmNrwRitfxXUPCVh:p:v:l:A:c:k:Z:b:zS:F:L:TnoO:aB:W:E:M:q:"))
 != -1) {
 switch (ch) {
 case '?' :
@@ -857,6 +863,12 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 #endif
 break;
+ case 'n' :
+ #ifdef HAVE_EXTENDED_MASTER
+ extMasterSecret = 1;
+ #endif
+ break;
+
 case 'W' :
 #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
 || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
@@ -1233,6 +1245,11 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 if (wolfSSL_CTX_UseSessionTicket(ctx) != SSL_SUCCESS)
 err_sys("UseSessionTicket failed");
 #endif
+#ifdef HAVE_EXTENDED_MASTER
+ if (extMasterSecret)
+ if (wolfSSL_CTX_UseExtendedMasterSecret(ctx) != SSL_SUCCESS)
+ err_sys("UseExtendedMasterSecret failed");
+#endif
 if (benchmark) {
 ((func_args*)args)->return_code =
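Review bot: In the `case 'n' :` arm added at @@ -857, a build without HAVE_EXTENDED_MASTER still accepts `-n` and does nothing, so a run meant to exercise Extended Master Secret proceeds without it and without any message. Usage() hides the option in that build, but the option string passed to mygetopt accepts `n` unconditionally. Consider an `#else` branch that fails loudly, for example `err_sys("-n requires HAVE_EXTENDED_MASTER");`, or at least a comment stating that the flag is intentionally ignored. The neighbouring case visible in the hunk uses the same `#endif` / `break;` shape, so this may be a file-wide convention; client_test's body continues outside the hunk.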
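Review bot: The nested `if (extMasterSecret)` / `if (wolfSSL_CTX_UseExtendedMasterSecret(ctx) != SSL_SUCCESS)` added at @@ -1233 has no braces on either level, so a later edit can easily attach a statement or an `else` to the wrong `if`; `if (extMasterSecret && wolfSSL_CTX_UseExtendedMasterSecret(ctx) != SSL_SUCCESS)` followed by the `err_sys` line expresses the same thing in one condition. This call presumably only offers the extension to the server, and nothing in the visible hunks checks after the handshake that the server agreed to it. Unless such a check exists elsewhere in client_test, which extends beyond this hunk, the help text added in Usage() would be more accurate as "Offer Extended Master Secret" than "Use".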
@@ -1555,6 +1572,32 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 wolfSSL_set_SessionTicket_cb(sslResume, sessionTicketCB, (void*)"resumed session");
 #endif
+ #ifdef HAVE_SUPPORTED_CURVES /* add curves to supported curves extension */
+ if (wolfSSL_UseSupportedCurve(sslResume, WOLFSSL_ECC_SECP256R1)
+ != SSL_SUCCESS) {
+ err_sys("unable to set curve secp256r1");
+ }
+ if (wolfSSL_UseSupportedCurve(sslResume, WOLFSSL_ECC_SECP384R1)
+ != SSL_SUCCESS) {
+ err_sys("unable to set curve secp384r1");
+ }
+ if (wolfSSL_UseSupportedCurve(sslResume, WOLFSSL_ECC_SECP521R1)
+ != SSL_SUCCESS) {
+ err_sys("unable to set curve secp521r1");
+ }
+ if (wolfSSL_UseSupportedCurve(sslResume, WOLFSSL_ECC_SECP224R1)
+ != SSL_SUCCESS) {
+ err_sys("unable to set curve secp224r1");
+ }
+ if (wolfSSL_UseSupportedCurve(sslResume, WOLFSSL_ECC_SECP192R1)
+ != SSL_SUCCESS) {
+ err_sys("unable to set curve secp192r1");
+ }
+ if (wolfSSL_UseSupportedCurve(sslResume, WOLFSSL_ECC_SECP160R1)
+ != SSL_SUCCESS) {
+ err_sys("unable to set curve secp160r1");
+ }
+ #endif
 #ifndef WOLFSSL_CALLBACKS
 if (nonBlocking) {
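Review bot: The curve list added for `sslResume` advertises `WOLFSSL_ECC_SECP224R1`, `WOLFSSL_ECC_SECP192R1` and `WOLFSSL_ECC_SECP160R1`, all weaker than the roughly 128-bit strength of secp256r1, so the client tells the server it will accept them on the resumed connection. If this is deliberate interop coverage, say so in the comment, e.g. `/* offer every built-in curve, including legacy sizes, for interop testing only */`; otherwise drop those three calls so that code copied from this example does not inherit them. The block also looks unrelated to the commit subject (extended master secret) and repeats the same four-line call six times, which a small table and loop would shorten. Whether a curve that is compiled out makes `wolfSSL_UseSupportedCurve` fail, and so makes `err_sys` abort the client, cannot be told from the hunk and is worth confirming.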