author | guenther <> | 2014-04-18 15:39:53 +0000 |
---|---|---|
committer | guenther <> | 2014-04-18 15:39:53 +0000 |
commit | 2cc456829e290c8c01ffd29532e961a810d0f05e (patch) | |
tree | cd56b260b305a9f3bcb8b4a84345694af61cb48e /src/lib/libssl/s3_pkt.c | |
parent | e5771c8113183d9900791e248265caa10e314025 (diff) | |
Finish zapping SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION usage; only keep
the #define for compat, but document that it's a no-op now. Also, neuter
the -legacy_renegotiation option to "openssl s_{client,server}"
ok beck@
Diffstat (limited to 'src/lib/libssl/s3_pkt.c')
-rw-r--r-- | src/lib/libssl/s3_pkt.c | 3 |
1 files changed, 1 insertions, 2 deletions
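--- a/src/lib/libssl/s3_pkt.c
+++ b/src/lib/libssl/s3_pkt.c
@@ -1095,8 +1095,7 @@ start:
 (s->version > SSL3_VERSION) &&
 (s->s3->handshake_fragment_len >= 4) &&
 (s->s3->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO) &&
-(s->session != NULL) && (s->session->cipher != NULL) &&
-!(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) {
+(s->session != NULL) && (s->session->cipher != NULL)) {
 /*s->s3->handshake_fragment_len = 0;*/
 rr->length = 0;
 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION);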
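Review bot: Nothing in the visible lines records that this refusal is now unconditional, since the `SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION` test is gone from the condition that ends at new line 1098. A short comment above the block, such as `/* Legacy renegotiation is always refused here; SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION is a no-op. */`, would save an auditor from hunting for the opt-out. The commented-out `/*s->s3->handshake_fragment_len = 0;*/` at new line 1099 is carried over unchanged; either delete it or say why the buffered fragment is deliberately left in place on this path. The `if` starts before the hunk and its body continues past it, so whether ignoring the result of `ssl3_send_alert()` is safe here cannot be judged from these lines.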