| author | beck <> | 2014-04-16 18:05:55 +0000 |
|---|---|---|
| committer | beck <> | 2014-04-16 18:05:55 +0000 |
| commit | 25fb42a499baa9d1b38e2e7d515a6d04e1b46c13 (patch) | |
| tree | 516681ebe1121ac72861c67f1ce12851fce7d1ac /src/lib/libssl/s3_srvr.c | |
| parent | 8624571783383935c83e19128a6076d5fcf698c9 (diff) | |
Thanks to the knobs in http://tools.ietf.org/html/rfc5746, we have a knob
to say "allow this connection to negotiate insecurely". De-fang the code
that honours this option so that the option is ignored.
ok miod@
Diffstat (limited to 'src/lib/libssl/s3_srvr.c')
| -rw-r--r-- | src/lib/libssl/s3_srvr.c | 4 |
1 files changed, 1 insertions, 3 deletions
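--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -269,9 +269,7 @@ ssl3_accept(SSL *s)
 ssl3_init_finished_mac(s);
 s->state = SSL3_ST_SR_CLNT_HELLO_A;
 s->ctx->stats.sess_accept++;
-} else if (!s->s3->send_connection_binding &&
-!(s->options &
-SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) {
+} else if (!s->s3->send_connection_binding) {
 /*
 * Server attempting to renegotiate with
 * client that doesn't support secure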
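Review bot: Nothing at the new condition `} else if (!s->s3->send_connection_binding) {` records that SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION is now deliberately ignored, so a later reader comparing against upstream may restore the test as a perceived regression. A one-line comment above the branch would pin the intent, for example `/* SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION is intentionally not honoured: no renegotiation without RFC 5746 support. */`. The diffstat shown is limited to this file, so it cannot be seen here whether other tests of the same option were removed as well; if any remain, the option is only partly disabled and applications that still set it get inconsistent behaviour with no diagnostic. The branch body and the rest of ssl3_accept lie outside the hunk.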
