| author | jsing <> | 2017-01-31 15:57:43 +0000 |
|---|---|---|
| committer | jsing <> | 2017-01-31 15:57:43 +0000 |
| commit | 668794109cbdee39a72425d2c14f0dcf25557074 (patch) | |
| tree | af4a58abf8b65859c7bfda0d3e5a62d2892fe0f1 /src/lib/libtls/tls_server.c | |
| parent | 3ad3f36472b7244bbdcd534b2487fb1c780509fa (diff) | |
Disable client-initiated renegotiation for libtls servers.
ok beck@ reyk@
Diffstat (limited to '')
| -rw-r--r-- | src/lib/libtls/tls_server.c | 4 |
1 files changed, 3 insertions, 1 deletions
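--- a/src/lib/libtls/tls_server.c
+++ b/src/lib/libtls/tls_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_server.c,v 1.34 2017/01/26 12:56:37 jsing Exp $ */
+/* $OpenBSD: tls_server.c,v 1.35 2017/01/31 15:57:43 jsing Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
@@ -237,6 +237,8 @@ tls_configure_server_ssl(struct tls *ctx, SSL_CTX **ssl_ctx,
 goto err;
 }
 
+SSL_CTX_set_options(*ssl_ctx, SSL_OP_NO_CLIENT_RENEGOTIATION);
+
 if (SSL_CTX_set_tlsext_servername_callback(*ssl_ctx,
 tls_servername_cb) != 1) {
 tls_set_error(ctx, "failed to set servername callback");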
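Review bot: The added `SSL_CTX_set_options(*ssl_ctx, SSL_OP_NO_CLIENT_RENEGOTIATION);` in tls_configure_server_ssl() has no comment explaining the policy, and nothing visible in this commit documents the behaviour change for existing servers. I would put a short why-comment above it, e.g. `/* Refuse client-initiated renegotiation; a peer could otherwise force repeated handshakes on one connection. */`, and mention in the libtls manual that servers now refuse such requests, since the option is applied unconditionally with no configuration knob in this hunk. Not checking the return value looks fine, as SSL_CTX_set_options() returns the resulting option mask rather than a status. The function starts and ends outside the hunk, so whether every server context (for instance per-keypair contexts, if any) is built through this path should be confirmed.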
