| author | jsing <> | 2014-05-31 10:49:28 +0000 |
|---|---|---|
| committer | jsing <> | 2014-05-31 10:49:28 +0000 |
| commit | d665bfa277b1e81363c3e394b17836a6a84475e9 (patch) | |
| tree | 32a374445fa15f520b06510f07c011a6234df599 /src/lib/libssl/ssl_sess.c | |
| parent | bc0edbb8c0dee7ed3bd8c093fe0792ab242a5ca1 (diff) | |
TLS would not be entirely functional without extensions, so unifdef
OPENSSL_NO_TLSEXT.
ok tedu@
Diffstat (limited to '')
| -rw-r--r-- | src/lib/libssl/ssl_sess.c | 16 |
1 files changed, 0 insertions, 16 deletions
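diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c
index 632d6a6860..de133a72ca 100644
--- a/src/lib/libssl/ssl_sess.c
+++ b/src/lib/libssl/ssl_sess.c
@@ -208,7 +208,6 @@ SSL_SESSION_new(void)
 ss->prev = NULL;
 ss->next = NULL;
 ss->compress_meth = 0;
-#ifndef OPENSSL_NO_TLSEXT
 ss->tlsext_hostname = NULL;
 
 #ifndef OPENSSL_NO_EC
@@ -217,7 +216,6 @@ SSL_SESSION_new(void)
 ss->tlsext_ellipticcurvelist_length = 0;
 ss->tlsext_ellipticcurvelist = NULL;
 #endif
-#endif
 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
 #ifndef OPENSSL_NO_PSK
 ss->psk_identity_hint = NULL;
@@ -313,13 +311,11 @@ ssl_get_new_session(SSL *s, int session)
 SSL_SESSION_free(ss);
 return (0);
 }
-#ifndef OPENSSL_NO_TLSEXT
 /* If RFC4507 ticket use empty session ID */
 if (s->tlsext_ticket_expected) {
 ss->session_id_length = 0;
 goto sess_id_done;
 }
-#endif
 /* Choose which callback will set the session ID */
 CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
 if (s->generate_session_id)
@@ -354,7 +350,6 @@ ssl_get_new_session(SSL *s, int session)
 SSL_SESSION_free(ss);
 return (0);
 }
-#ifndef OPENSSL_NO_TLSEXT
 sess_id_done:
 if (s->tlsext_hostname) {
 ss->tlsext_hostname = BUF_strdup(s->tlsext_hostname);
@@ -386,7 +381,6 @@ ssl_get_new_session(SSL *s, int session)
 memcpy(ss->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist_length);
 }
 #endif
-#endif
 } else {
 ss->session_id_length = 0;
 }
@@ -433,9 +427,7 @@ ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
 SSL_SESSION *ret = NULL;
 int fatal = 0;
 int try_session_cache = 1;
-#ifndef OPENSSL_NO_TLSEXT
 int r;
-#endif
 
 if (len > SSL_MAX_SSL_SESSION_ID_LENGTH)
 goto err;
@@ -443,7 +435,6 @@ ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
 if (len == 0)
 try_session_cache = 0;
 
-#ifndef OPENSSL_NO_TLSEXT
 r = tls1_process_ticket(s, session_id, len, limit, &ret); /* sets s->tlsext_ticket_expected */
 switch (r) {
 case -1: /* Error during processing */
@@ -459,7 +450,6 @@ ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
 default:
 abort();
 }
-#endif
 
 if (try_session_cache &&
 ret == NULL &&
@@ -570,13 +560,11 @@ ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
 err:
 if (ret != NULL) {
 SSL_SESSION_free(ret);
-#ifndef OPENSSL_NO_TLSEXT
 if (!try_session_cache) {
 /* The session was from a ticket, so we should
 * issue a ticket for the new session */
 s->tlsext_ticket_expected = 1;
 }
-#endif
 }
 if (fatal)
 return -1;
@@ -701,7 +689,6 @@ SSL_SESSION_free(SSL_SESSION *ss)
 X509_free(ss->peer);
 if (ss->ciphers != NULL)
 sk_SSL_CIPHER_free(ss->ciphers);
-#ifndef OPENSSL_NO_TLSEXT
 free(ss->tlsext_hostname);
 free(ss->tlsext_tick);
 #ifndef OPENSSL_NO_EC
@@ -710,7 +697,6 @@ SSL_SESSION_free(SSL_SESSION *ss)
 ss->tlsext_ellipticcurvelist_length = 0;
 free(ss->tlsext_ellipticcurvelist);
 #endif /* OPENSSL_NO_EC */
-#endif
 #ifndef OPENSSL_NO_PSK
 free(ss->psk_identity_hint);
 free(ss->psk_identity);
@@ -839,7 +825,6 @@ SSL_CTX_get_timeout(const SSL_CTX *s)
 return (s->session_timeout);
 }
 
-#ifndef OPENSSL_NO_TLSEXT
 int
 SSL_set_session_secret_cb(SSL *s, int (*tls_session_secret_cb)(SSL *s, void *secret, int *secret_len,
 STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg), void *arg)
@@ -887,7 +872,6 @@ SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len)
 
 return 0;
 }
-#endif /* OPENSSL_NO_TLSEXT */
 
 typedef struct timeout_param_st {
 SSL_CTX *ctx;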
