Neuter the SSL_set_debug(3) API

The TLSv1.3 stack didn't support this in the first place, and in the legacy
stack it only added some dubious BIO_flush(3) calls. The sleep call between
SSL_read(3) and SSL_write(3) advertised in the comment next to the flag has
been a sleep call in the s_server since time immemorial, nota bene between
calls to BIO_gets(3). Anyway. This can all go and what remains will go with
the next major bump.

ok jsing

4 files changed, 5 insertions, 21 deletions

diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index 76ed10f806..52f5de35a4 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.162 2023/11/19 15:50:29 tb Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.163 2023/12/29 12:24:33 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -631,11 +631,6 @@ ssl3_connect(SSL *s)
 
                 /* did we do anything */
                 if (!s->s3->hs.tls12.reuse_message && !skip) {
-                        if (s->debug) {
-                                if ((ret = BIO_flush(s->wbio)) <= 0)
-                                        goto end;
-                        }
-
                         if (s->s3->hs.state != state) {
                                 new_state = s->s3->hs.state;
                                 s->s3->hs.state = state;
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index ce14ce710a..c97441c9c0 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.317 2023/11/29 13:39:34 tb Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.318 2023/12/29 12:24:33 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -2933,8 +2933,6 @@ SSL_dup(SSL *s)
 
         SSL_set_info_callback(ret, SSL_get_info_callback(s));
 
-        ret->debug = s->debug;
-
         /* copy app data, a little dangerous perhaps */
         if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL,
             &ret->ex_data, &s->ex_data))
@@ -3488,7 +3486,7 @@ LSSL_ALIAS(SSL_set_msg_callback);
 void
 SSL_set_debug(SSL *s, int debug)
 {
-        s->debug = debug;
+        SSLerror(s, ERR_R_DISABLED);
 }
 LSSL_ALIAS(SSL_set_debug);
 
diff --git a/src/lib/libssl/ssl_local.h b/src/lib/libssl/ssl_local.h
index a2c2588c38..bd6275fac7 100644
--- a/src/lib/libssl/ssl_local.h
+++ b/src/lib/libssl/ssl_local.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_local.h,v 1.11 2023/11/29 13:39:34 tb Exp $ */
+/* $OpenBSD: ssl_local.h,v 1.12 2023/12/29 12:24:33 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1074,9 +1074,6 @@ struct ssl_st {
         /* for server side, keep the list of CA_dn we can use */
         STACK_OF(X509_NAME) *client_CA;
 
-        /* set this flag to 1 and a sleep(1) is put into all SSL_read()
-         * and SSL_write() calls, good for nbio debugging :-) */
-        int debug;
         long max_cert_list;
         int first_packet;
 
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index a571549b64..f26fde5061 100644
--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.157 2023/11/18 10:51:09 tb Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.158 2023/12/29 12:24:33 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -740,12 +740,6 @@ ssl3_accept(SSL *s)
                 }
 
                 if (!s->s3->hs.tls12.reuse_message && !skip) {
-                        if (s->debug) {
-                                if ((ret = BIO_flush(s->wbio)) <= 0)
-                                        goto end;
-                        }
-
-
                         if (s->s3->hs.state != state) {
                                 new_state = s->s3->hs.state;
                                 s->s3->hs.state = state;