Add SSL_OP_ALLOW_CLIENT_RENEGOTIATION

Add -client_renegotiation flag support.  The -client_renegotiation flag is
equivalent to SSL_OP_ALLOW_CLIENT_RENEGOTIATION. Add support to the app,
the config code, and the documentation.

Add SSL_OP_ALLOW_CLIENT_RENEGOTIATION to the SSL tests. We don't need to
always enable it, but there are so many tests so this is the easiest thing
to do.

Add a test where client tries to renegotiate and it fails as expected. Add
a test where server tries to renegotiate and it succeeds. The second test
is supported by a new flag, -immediate_renegotiation, which is ignored on
the client.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15184)

1 files changed, 3 insertions, 0 deletions

diff --git a/doc/perlvars.pm b/doc/perlvars.pm
index 91dd5d8284..ab52a086ee 100644
--- a/doc/perlvars.pm
+++ b/doc/perlvars.pm
@@ -179,9 +179,11 @@ $OpenSSL::safe::opt_s_synopsis = ""
 . "[B<-comp>]\n"
 . "[B<-no_ticket>]\n"
 . "[B<-serverpref>]\n"
+. "[B<-client_renegotiation>]\n"
 . "[B<-legacy_renegotiation>]\n"
 . "[B<-no_renegotiation>]\n"
 . "[B<-no_resumption_on_reneg>]\n"
+. "[B<-immediate_renegotiation>]\n"
 . "[B<-legacy_server_connect>]\n"
 . "[B<-no_legacy_server_connect>]\n"
 . "[B<-allow_no_dhe_kex>]\n"
@@ -201,6 +203,7 @@ $OpenSSL::safe::opt_s_synopsis = ""
 . "[B<-no_middlebox>]";
 $OpenSSL::safe::opt_s_item = ""
 . "=item B<-bugs>, B<-comp>, B<-no_comp>, B<-no_ticket>, B<-serverpref>,\n"
+. "B<-client_renegotiation>, B<_immediate_renegotiation>\n"
 . "B<-legacy_renegotiation>, B<-no_renegotiation>, B<-no_resumption_on_reneg>,\n"
 . "B<-legacy_server_connect>, B<-no_legacy_server_connect>,\n"
 . "B<-allow_no_dhe_kex>, B<-prioritize_chacha>, B<-strict>, B<-sigalgs>\n"