
[src/trunk]: src/crypto/external/bsd/openssl/dist/ssl remove SSL3_FLAGS_ALLOW...



details:   https://anonhg.NetBSD.org/src/rev/f25d3f7ffea7
branches:  trunk
changeset: 767064:f25d3f7ffea7
user:      drochner <drochner%NetBSD.org@localhost>
date:      Thu Jul 07 18:11:18 2011 +0000

description:
remove SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION -- openssl uses
another mechanism now, and these leftover checks break renegotiation with
(at least) tor and postgres

diffstat:

 crypto/external/bsd/openssl/dist/ssl/s3_lib.c   |  3 ---
 crypto/external/bsd/openssl/dist/ssl/s3_pkt.c   |  4 +---
 crypto/external/bsd/openssl/dist/ssl/s3_srvr.c  |  8 --------
 crypto/external/bsd/openssl/dist/ssl/ssl_locl.h |  2 --
 4 files changed, 1 insertions(+), 16 deletions(-)

diffs (64 lines):

diff -r 05823fcd7281 -r f25d3f7ffea7 crypto/external/bsd/openssl/dist/ssl/s3_lib.c
--- a/crypto/external/bsd/openssl/dist/ssl/s3_lib.c     Thu Jul 07 17:55:26 2011 +0000
+++ b/crypto/external/bsd/openssl/dist/ssl/s3_lib.c     Thu Jul 07 18:11:18 2011 +0000
@@ -3727,9 +3727,6 @@
        if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
                return(0);
 
-       if (!(s->s3->flags & SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
-               return(0);
-
        s->s3->renegotiate=1;
        return(1);
        }
diff -r 05823fcd7281 -r f25d3f7ffea7 crypto/external/bsd/openssl/dist/ssl/s3_pkt.c
--- a/crypto/external/bsd/openssl/dist/ssl/s3_pkt.c     Thu Jul 07 17:55:26 2011 +0000
+++ b/crypto/external/bsd/openssl/dist/ssl/s3_pkt.c     Thu Jul 07 18:11:18 2011 +0000
@@ -1108,7 +1108,6 @@
 
                if (SSL_is_init_finished(s) &&
                        !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
-                       (s->s3->flags & SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) &&
                        !s->s3->renegotiate)
                        {
                        ssl3_renegotiate(s);
@@ -1278,8 +1277,7 @@
        if ((s->s3->handshake_fragment_len >= 4) &&     !s->in_handshake)
                {
                if (((s->state&SSL_ST_MASK) == SSL_ST_OK) &&
-                       !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
-                       (s->s3->flags & SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
+                       !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS))
                        {
 #if 0 /* worked only because C operator preferences are not as expected (and
        * because this is not really needed for clients except for detecting
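Review bot: The rewritten condition on the new side of this hunk (the `SSL_ST_OK` / `SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS` test) now lets a HelloRequest arriving after the initial handshake start a renegotiation with no check in ssl3_read_bytes that the peer negotiated RFC 5746 secure renegotiation, which is the CVE-2009-3555 gate the removed flag used to provide. The description says OpenSSL uses another mechanism now, but nothing in this diff shows that mechanism, so it is worth confirming that the replacement check — presumably the secure-renegotiation handling in the ClientHello/ServerHello processing together with the `SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION` option — is actually present in this tree before this lands. A short comment at the condition would keep the next reader from re-adding the gate here: `/* Whether renegotiation is safe against an unpatched peer is decided by the RFC 5746 checks in the handshake code, not here. */`. The enclosing function starts and ends outside the hunk.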
diff -r 05823fcd7281 -r f25d3f7ffea7 crypto/external/bsd/openssl/dist/ssl/s3_srvr.c
--- a/crypto/external/bsd/openssl/dist/ssl/s3_srvr.c    Thu Jul 07 17:55:26 2011 +0000
+++ b/crypto/external/bsd/openssl/dist/ssl/s3_srvr.c    Thu Jul 07 18:11:18 2011 +0000
@@ -877,14 +877,6 @@
 #endif
        STACK_OF(SSL_CIPHER) *ciphers=NULL;
 
-       if (s->new_session
-           && !(s->s3->flags&SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
-               {
-               al=SSL_AD_HANDSHAKE_FAILURE;
-               SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
-               goto f_err;
-               }
-
        /* We do this so that we will respond with our native type.
         * If we are TLSv1 and we get SSLv3, we will respond with TLSv1,
         * This down switching should be handled by a different method.
diff -r 05823fcd7281 -r f25d3f7ffea7 crypto/external/bsd/openssl/dist/ssl/ssl_locl.h
--- a/crypto/external/bsd/openssl/dist/ssl/ssl_locl.h   Thu Jul 07 17:55:26 2011 +0000
+++ b/crypto/external/bsd/openssl/dist/ssl/ssl_locl.h   Thu Jul 07 18:11:18 2011 +0000
@@ -459,8 +459,6 @@
 #define NAMED_CURVE_TYPE           3
 #endif  /* OPENSSL_NO_EC */
 
-#define SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION   0x0010
-
 typedef struct cert_pkey_st
        {
        X509 *x509;


