diff options
| author | beck <> | 2023-07-03 08:03:56 +0000 |
|---|---|---|
| committer | beck <> | 2023-07-03 08:03:56 +0000 |
| commit | 4fd7bd5165e60dbf55c037ba1cc83c1745cf24ae (patch) | |
| tree | dcc2ea3e21aa9749377e3dd729e8c836773af256 /src | |
| parent | f0653b5aa22cb4244de7397a0020c37a8297d07d (diff) | |
| download | openbsd-4fd7bd5165e60dbf55c037ba1cc83c1745cf24ae.tar.gz openbsd-4fd7bd5165e60dbf55c037ba1cc83c1745cf24ae.tar.bz2 openbsd-4fd7bd5165e60dbf55c037ba1cc83c1745cf24ae.zip | |
Bring back no_tls1 and no_tls1_1 as undocumented silently discarded opitons
While I'm here, change the no_ssl2 and no_ssl3 options to use
OPTION_DISCARD as well instead of continuing to set a no-op
option flag.
ok jsing@ tb@
Diffstat (limited to 'src')
| -rw-r--r-- | src/usr.bin/openssl/s_client.c | 10 | ||||
| -rw-r--r-- | src/usr.bin/openssl/s_server.c | 18 |
2 files changed, 20 insertions, 8 deletions
diff --git a/src/usr.bin/openssl/s_client.c b/src/usr.bin/openssl/s_client.c index 21bb632810..e5a6b006b4 100644 --- a/src/usr.bin/openssl/s_client.c +++ b/src/usr.bin/openssl/s_client.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s_client.c,v 1.61 2023/07/03 06:22:07 beck Exp $ */ | 1 | /* $OpenBSD: s_client.c,v 1.62 2023/07/03 08:03:56 beck Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -624,6 +624,14 @@ static const struct option s_client_options[] = { | |||
| 624 | .value = SSL_OP_NO_TICKET, | 624 | .value = SSL_OP_NO_TICKET, |
| 625 | }, | 625 | }, |
| 626 | { | 626 | { |
| 627 | .name = "no_tls1", | ||
| 628 | .type = OPTION_DISCARD, | ||
| 629 | }, | ||
| 630 | { | ||
| 631 | .name = "no_tls1_1", | ||
| 632 | .type = OPTION_DISCARD, | ||
| 633 | }, | ||
| 634 | { | ||
| 627 | .name = "no_tls1_2", | 635 | .name = "no_tls1_2", |
| 628 | .desc = "Disable the use of TLSv1.2", | 636 | .desc = "Disable the use of TLSv1.2", |
| 629 | .type = OPTION_VALUE_OR, | 637 | .type = OPTION_VALUE_OR, |
diff --git a/src/usr.bin/openssl/s_server.c b/src/usr.bin/openssl/s_server.c index 12eb90699e..95fe633ef1 100644 --- a/src/usr.bin/openssl/s_server.c +++ b/src/usr.bin/openssl/s_server.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s_server.c,v 1.57 2023/07/03 06:22:07 beck Exp $ */ | 1 | /* $OpenBSD: s_server.c,v 1.58 2023/07/03 08:03:56 beck Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -770,15 +770,19 @@ static const struct option s_server_options[] = { | |||
| 770 | }, | 770 | }, |
| 771 | { | 771 | { |
| 772 | .name = "no_ssl2", | 772 | .name = "no_ssl2", |
| 773 | .type = OPTION_VALUE_OR, | 773 | .type = OPTION_DISCARD, |
| 774 | .opt.value = &cfg.off, | ||
| 775 | .value = SSL_OP_NO_SSLv2, | ||
| 776 | }, | 774 | }, |
| 777 | { | 775 | { |
| 778 | .name = "no_ssl3", | 776 | .name = "no_ssl3", |
| 779 | .type = OPTION_VALUE_OR, | 777 | .type = OPTION_DISCARD, |
| 780 | .opt.value = &cfg.off, | 778 | }, |
| 781 | .value = SSL_OP_NO_SSLv3, | 779 | { |
| 780 | .name = "no_tls1", | ||
| 781 | .type = OPTION_DISCARD, | ||
| 782 | }, | ||
| 783 | { | ||
| 784 | .name = "no_tls1_1", | ||
| 785 | .type = OPTION_DISCARD, | ||
| 782 | }, | 786 | }, |
| 783 | { | 787 | { |
| 784 | .name = "no_tls1_2", | 788 | .name = "no_tls1_2", |