Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/crypto/external/bsd/openssl/dist/ssl remove SSL3_FLAGS_ALLOW...
details: https://anonhg.NetBSD.org/src/rev/f25d3f7ffea7
branches: trunk
changeset: 767064:f25d3f7ffea7
user: drochner <drochner%NetBSD.org@localhost>
date: Thu Jul 07 18:11:18 2011 +0000
description:
remove SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION -- openssl uses
another mechanism now, and these remainders break renogotiation with
(at least) tor and postgres
diffstat:
crypto/external/bsd/openssl/dist/ssl/s3_lib.c | 3 ---
crypto/external/bsd/openssl/dist/ssl/s3_pkt.c | 4 +---
crypto/external/bsd/openssl/dist/ssl/s3_srvr.c | 8 --------
crypto/external/bsd/openssl/dist/ssl/ssl_locl.h | 2 --
4 files changed, 1 insertions(+), 16 deletions(-)
diffs (64 lines):
diff -r 05823fcd7281 -r f25d3f7ffea7 crypto/external/bsd/openssl/dist/ssl/s3_lib.c
--- a/crypto/external/bsd/openssl/dist/ssl/s3_lib.c Thu Jul 07 17:55:26 2011 +0000
+++ b/crypto/external/bsd/openssl/dist/ssl/s3_lib.c Thu Jul 07 18:11:18 2011 +0000
@@ -3727,9 +3727,6 @@
if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
return(0);
- if (!(s->s3->flags & SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
- return(0);
-
s->s3->renegotiate=1;
return(1);
}
diff -r 05823fcd7281 -r f25d3f7ffea7 crypto/external/bsd/openssl/dist/ssl/s3_pkt.c
--- a/crypto/external/bsd/openssl/dist/ssl/s3_pkt.c Thu Jul 07 17:55:26 2011 +0000
+++ b/crypto/external/bsd/openssl/dist/ssl/s3_pkt.c Thu Jul 07 18:11:18 2011 +0000
@@ -1108,7 +1108,6 @@
if (SSL_is_init_finished(s) &&
!(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
- (s->s3->flags & SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) &&
!s->s3->renegotiate)
{
ssl3_renegotiate(s);
@@ -1278,8 +1277,7 @@
if ((s->s3->handshake_fragment_len >= 4) && !s->in_handshake)
{
if (((s->state&SSL_ST_MASK) == SSL_ST_OK) &&
- !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
- (s->s3->flags & SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
+ !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS))
{
#if 0 /* worked only because C operator preferences are not as expected (and
* because this is not really needed for clients except for detecting
diff -r 05823fcd7281 -r f25d3f7ffea7 crypto/external/bsd/openssl/dist/ssl/s3_srvr.c
--- a/crypto/external/bsd/openssl/dist/ssl/s3_srvr.c Thu Jul 07 17:55:26 2011 +0000
+++ b/crypto/external/bsd/openssl/dist/ssl/s3_srvr.c Thu Jul 07 18:11:18 2011 +0000
@@ -877,14 +877,6 @@
#endif
STACK_OF(SSL_CIPHER) *ciphers=NULL;
- if (s->new_session
- && !(s->s3->flags&SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
- {
- al=SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
- goto f_err;
- }
-
/* We do this so that we will respond with our native type.
* If we are TLSv1 and we get SSLv3, we will respond with TLSv1,
* This down switching should be handled by a different method.
diff -r 05823fcd7281 -r f25d3f7ffea7 crypto/external/bsd/openssl/dist/ssl/ssl_locl.h
--- a/crypto/external/bsd/openssl/dist/ssl/ssl_locl.h Thu Jul 07 17:55:26 2011 +0000
+++ b/crypto/external/bsd/openssl/dist/ssl/ssl_locl.h Thu Jul 07 18:11:18 2011 +0000
@@ -459,8 +459,6 @@
#define NAMED_CURVE_TYPE 3
#endif /* OPENSSL_NO_EC */
-#define SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x0010
-
typedef struct cert_pkey_st
{
X509 *x509;
Home |
Main Index |
Thread Index |
Old Index