authordoug <>2015-06-15 03:32:59 +0000
committerdoug <>2015-06-15 03:32:59 +0000
commitc3c8a32860541df7ab360b602a1449e6d90be892 (patch)
treea1e45943c8fd19b80883dfe567572caad1c3a6f7
parent4f0aff2c6a7e4e9c264f4b339c647a07dc281769 (diff)
Remove 1997's compat hack SSL_OP_SSLEAY_080_CLIENT_DH_BUG.
This is a hack for an old version of SSLeay which predates OpenSSL.
-rw-r--r--src/lib/libssl/doc/SSL_CTX_set_options.36
-rw-r--r--src/lib/libssl/s3_srvr.c13
-rw-r--r--src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.36
-rw-r--r--src/lib/libssl/src/ssl/s3_srvr.c13
4 files changed, 16 insertions, 22 deletions
diff --git a/src/lib/libssl/doc/SSL_CTX_set_options.3 b/src/lib/libssl/doc/SSL_CTX_set_options.3
index b940c3d7d0..bacd3b84f0 100644
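--- a/src/lib/libssl/doc/SSL_CTX_set_options.3
+++ b/src/lib/libssl/doc/SSL_CTX_set_options.3
@@ -1,5 +1,5 @@
 .\"
-.\" $OpenBSD: SSL_CTX_set_options.3,v 1.3 2015/06/15 02:57:05 doug Exp $
+.\" $OpenBSD: SSL_CTX_set_options.3,v 1.4 2015/06/15 03:32:59 doug Exp $
 .\"
 .Dd $Mdocdate: June 15 2015 $
 .Dt SSL_CTX_SET_OPTIONS 3
@@ -119,7 +119,9 @@ this option has no effect.
 Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X.
 OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers.
 .It Dv SSL_OP_SSLEAY_080_CLIENT_DH_BUG
-\&...
+As of
+.Ox 5.8 ,
+this option has no effect.
 .It Dv SSL_OP_TLS_D5_BUG
 \&...
 .It Dv SSL_OP_TLS_BLOCK_PADDING_BUG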
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index 921d779780..7f6a5a0bbd 100644
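--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.103 2015/05/15 11:00:14 jsg Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.104 2015/06/15 03:32:59 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
   * All rights reserved.
   *
@@ -1867,14 +1867,9 @@ ssl3_get_client_key_exchange(SSL *s)
  goto truncated;
  n2s(p, i);
  if (n != i + 2) {
- if (!(s->options & SSL_OP_SSLEAY_080_CLIENT_DH_BUG)) {
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
- SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
- goto err;
- } else {
- p -= 2;
- i = (int)n;
- }
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
+ goto err;
  }
 
  if (n == 0L) {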
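Review bot: With the compat branch gone, the `if (n == 0L)` test right after the length check (new line 1875) looks unreachable: every path that gets there has `n == i + 2`, and `i` comes from `n2s`, so `n` is at least 2. A zero-length DH public value (`i == 0`, `n == 2`) therefore passes both tests; whether it is rejected later cannot be seen from this hunk, because the body of ssl3_get_client_key_exchange continues outside it. I would either drop the dead branch or, if an empty value should be refused at this point, test `if (i == 0)` instead and add a comment such as `/* n == i + 2 here, so only i can be zero */`. The same applies to the identical hunk in src/lib/libssl/src/ssl/s3_srvr.c.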
diff --git a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.3 b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.3
index b940c3d7d0..bacd3b84f0 100644
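--- a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.3
+++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.3
@@ -1,5 +1,5 @@
 .\"
-.\" $OpenBSD: SSL_CTX_set_options.3,v 1.3 2015/06/15 02:57:05 doug Exp $
+.\" $OpenBSD: SSL_CTX_set_options.3,v 1.4 2015/06/15 03:32:59 doug Exp $
 .\"
 .Dd $Mdocdate: June 15 2015 $
 .Dt SSL_CTX_SET_OPTIONS 3
@@ -119,7 +119,9 @@ this option has no effect.
 Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X.
 OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers.
 .It Dv SSL_OP_SSLEAY_080_CLIENT_DH_BUG
-\&...
+As of
+.Ox 5.8 ,
+this option has no effect.
 .It Dv SSL_OP_TLS_D5_BUG
 \&...
 .It Dv SSL_OP_TLS_BLOCK_PADDING_BUG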
diff --git a/src/lib/libssl/src/ssl/s3_srvr.c b/src/lib/libssl/src/ssl/s3_srvr.c
index 921d779780..7f6a5a0bbd 100644
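--- a/src/lib/libssl/src/ssl/s3_srvr.c
+++ b/src/lib/libssl/src/ssl/s3_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.103 2015/05/15 11:00:14 jsg Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.104 2015/06/15 03:32:59 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
   * All rights reserved.
   *
@@ -1867,14 +1867,9 @@ ssl3_get_client_key_exchange(SSL *s)
  goto truncated;
  n2s(p, i);
  if (n != i + 2) {
- if (!(s->options & SSL_OP_SSLEAY_080_CLIENT_DH_BUG)) {
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
- SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
- goto err;
- } else {
- p -= 2;
- i = (int)n;
- }
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
+ goto err;
  }
 
  if (n == 0L) {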