diff options
| author | doug <> | 2015-06-15 05:32:58 +0000 |
|---|---|---|
| committer | doug <> | 2015-06-15 05:32:58 +0000 |
| commit | b5c7960f11d2b64faae5154f9709f34d00462124 (patch) | |
| tree | 48e9bd19ccb5bd20c0b80b96fa9a62b66846edb4 /src/lib/libssl/s3_clnt.c | |
| parent | 6e37f91580bf8e077c11c85155cef0381d8ef35c (diff) | |
| download | openbsd-b5c7960f11d2b64faae5154f9709f34d00462124.tar.gz openbsd-b5c7960f11d2b64faae5154f9709f34d00462124.tar.bz2 openbsd-b5c7960f11d2b64faae5154f9709f34d00462124.zip | |
Remove ancient SSL_OP_NETSCAPE_CA_DN_BUG from SSLeay days.
This commit matches the OpenSSL removal in commit
3c33c6f6b10864355553961e638514a6d1bb00f6.
ok deraadt@
Diffstat (limited to 'src/lib/libssl/s3_clnt.c')
| -rw-r--r-- | src/lib/libssl/s3_clnt.c | 24 |
1 files changed, 6 insertions, 18 deletions
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c index 8a137056be..76c0c488c5 100644 --- a/src/lib/libssl/s3_clnt.c +++ b/src/lib/libssl/s3_clnt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_clnt.c,v 1.111 2015/03/31 13:17:48 jsing Exp $ */ | 1 | /* $OpenBSD: s3_clnt.c,v 1.112 2015/06/15 05:32:58 doug Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1645,8 +1645,6 @@ ssl3_get_certificate_request(SSL *s) | |||
| 1645 | } | 1645 | } |
| 1646 | n2s(p, l); | 1646 | n2s(p, l); |
| 1647 | if ((l + nc + 2) > llen) { | 1647 | if ((l + nc + 2) > llen) { |
| 1648 | if ((s->options & SSL_OP_NETSCAPE_CA_DN_BUG)) | ||
| 1649 | goto cont; /* netscape bugs */ | ||
| 1650 | ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); | 1648 | ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); |
| 1651 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, | 1649 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, |
| 1652 | SSL_R_CA_DN_TOO_LONG); | 1650 | SSL_R_CA_DN_TOO_LONG); |
| @@ -1656,16 +1654,11 @@ ssl3_get_certificate_request(SSL *s) | |||
| 1656 | q = p; | 1654 | q = p; |
| 1657 | 1655 | ||
| 1658 | if ((xn = d2i_X509_NAME(NULL, &q, l)) == NULL) { | 1656 | if ((xn = d2i_X509_NAME(NULL, &q, l)) == NULL) { |
| 1659 | /* If netscape tolerance is on, ignore errors */ | 1657 | ssl3_send_alert(s, SSL3_AL_FATAL, |
| 1660 | if (s->options & SSL_OP_NETSCAPE_CA_DN_BUG) | 1658 | SSL_AD_DECODE_ERROR); |
| 1661 | goto cont; | 1659 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, |
| 1662 | else { | 1660 | ERR_R_ASN1_LIB); |
| 1663 | ssl3_send_alert(s, SSL3_AL_FATAL, | 1661 | goto err; |
| 1664 | SSL_AD_DECODE_ERROR); | ||
| 1665 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, | ||
| 1666 | ERR_R_ASN1_LIB); | ||
| 1667 | goto err; | ||
| 1668 | } | ||
| 1669 | } | 1662 | } |
| 1670 | 1663 | ||
| 1671 | if (q != (p + l)) { | 1664 | if (q != (p + l)) { |
| @@ -1684,11 +1677,6 @@ ssl3_get_certificate_request(SSL *s) | |||
| 1684 | nc += l + 2; | 1677 | nc += l + 2; |
| 1685 | } | 1678 | } |
| 1686 | 1679 | ||
| 1687 | if (0) { | ||
| 1688 | cont: | ||
| 1689 | ERR_clear_error(); | ||
| 1690 | } | ||
| 1691 | |||
| 1692 | /* we should setup a certificate to return.... */ | 1680 | /* we should setup a certificate to return.... */ |
| 1693 | s->s3->tmp.cert_req = 1; | 1681 | s->s3->tmp.cert_req = 1; |
| 1694 | s->s3->tmp.ctype_num = ctype_num; | 1682 | s->s3->tmp.ctype_num = ctype_num; |