diff options
| author | jsing <> | 2014-06-11 15:17:19 +0000 |
|---|---|---|
| committer | jsing <> | 2014-06-11 15:17:19 +0000 |
| commit | 563d45f5e31be40b590640330f1a08569995ef28 (patch) | |
| tree | ab13f82dcf0f6baca1cef4ba121da7c03a13fac8 /src | |
| parent | b9b725514027a560daae1c5518c700360b5764bc (diff) | |
| download | openbsd-563d45f5e31be40b590640330f1a08569995ef28.tar.gz openbsd-563d45f5e31be40b590640330f1a08569995ef28.tar.bz2 openbsd-563d45f5e31be40b590640330f1a08569995ef28.zip | |
Disable TLS support...
Just kidding!
unifdef OPENSSL_NO_TLS since we will never want to actually do that.
ok deraadt@
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libssl/d1_pkt.c | 2 | ||||
| -rw-r--r-- | src/lib/libssl/s23_clnt.c | 4 | ||||
| -rw-r--r-- | src/lib/libssl/s3_pkt.c | 2 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/d1_pkt.c | 2 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/s23_clnt.c | 4 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/s3_pkt.c | 2 |
6 files changed, 0 insertions, 16 deletions
diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c index 87916eb763..b8fd4c92e5 100644 --- a/src/lib/libssl/d1_pkt.c +++ b/src/lib/libssl/d1_pkt.c | |||
| @@ -1161,13 +1161,11 @@ start: | |||
| 1161 | 1161 | ||
| 1162 | switch (rr->type) { | 1162 | switch (rr->type) { |
| 1163 | default: | 1163 | default: |
| 1164 | #ifndef OPENSSL_NO_TLS | ||
| 1165 | /* TLS just ignores unknown message types */ | 1164 | /* TLS just ignores unknown message types */ |
| 1166 | if (s->version == TLS1_VERSION) { | 1165 | if (s->version == TLS1_VERSION) { |
| 1167 | rr->length = 0; | 1166 | rr->length = 0; |
| 1168 | goto start; | 1167 | goto start; |
| 1169 | } | 1168 | } |
| 1170 | #endif | ||
| 1171 | al = SSL_AD_UNEXPECTED_MESSAGE; | 1169 | al = SSL_AD_UNEXPECTED_MESSAGE; |
| 1172 | SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNEXPECTED_RECORD); | 1170 | SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNEXPECTED_RECORD); |
| 1173 | goto f_err; | 1171 | goto f_err; |
diff --git a/src/lib/libssl/s23_clnt.c b/src/lib/libssl/s23_clnt.c index 1bc582364b..7a42b1f0ea 100644 --- a/src/lib/libssl/s23_clnt.c +++ b/src/lib/libssl/s23_clnt.c | |||
| @@ -309,14 +309,10 @@ ssl23_client_hello(SSL *s) | |||
| 309 | * answer is SSL_OP_NO_TLSv1|SSL_OP_NO_SSLv3|SSL_OP_NO_SSLv2. | 309 | * answer is SSL_OP_NO_TLSv1|SSL_OP_NO_SSLv3|SSL_OP_NO_SSLv2. |
| 310 | */ | 310 | */ |
| 311 | mask = SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1|SSL_OP_NO_SSLv3; | 311 | mask = SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1|SSL_OP_NO_SSLv3; |
| 312 | #if !defined(OPENSSL_NO_TLS1_2_CLIENT) | ||
| 313 | version = TLS1_2_VERSION; | 312 | version = TLS1_2_VERSION; |
| 314 | 313 | ||
| 315 | if ((options & SSL_OP_NO_TLSv1_2) && (options & mask) != mask) | 314 | if ((options & SSL_OP_NO_TLSv1_2) && (options & mask) != mask) |
| 316 | version = TLS1_1_VERSION; | 315 | version = TLS1_1_VERSION; |
| 317 | #else | ||
| 318 | version = TLS1_1_VERSION; | ||
| 319 | #endif | ||
| 320 | mask &= ~SSL_OP_NO_TLSv1_1; | 316 | mask &= ~SSL_OP_NO_TLSv1_1; |
| 321 | if ((options & SSL_OP_NO_TLSv1_1) && (options & mask) != mask) | 317 | if ((options & SSL_OP_NO_TLSv1_1) && (options & mask) != mask) |
| 322 | version = TLS1_VERSION; | 318 | version = TLS1_VERSION; |
diff --git a/src/lib/libssl/s3_pkt.c b/src/lib/libssl/s3_pkt.c index e19aba5580..9af897eb47 100644 --- a/src/lib/libssl/s3_pkt.c +++ b/src/lib/libssl/s3_pkt.c | |||
| @@ -1304,7 +1304,6 @@ start: | |||
| 1304 | 1304 | ||
| 1305 | switch (rr->type) { | 1305 | switch (rr->type) { |
| 1306 | default: | 1306 | default: |
| 1307 | #ifndef OPENSSL_NO_TLS | ||
| 1308 | /* | 1307 | /* |
| 1309 | * TLS up to v1.1 just ignores unknown message types: | 1308 | * TLS up to v1.1 just ignores unknown message types: |
| 1310 | * TLS v1.2 give an unexpected message alert. | 1309 | * TLS v1.2 give an unexpected message alert. |
| @@ -1314,7 +1313,6 @@ start: | |||
| 1314 | rr->length = 0; | 1313 | rr->length = 0; |
| 1315 | goto start; | 1314 | goto start; |
| 1316 | } | 1315 | } |
| 1317 | #endif | ||
| 1318 | al = SSL_AD_UNEXPECTED_MESSAGE; | 1316 | al = SSL_AD_UNEXPECTED_MESSAGE; |
| 1319 | SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNEXPECTED_RECORD); | 1317 | SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNEXPECTED_RECORD); |
| 1320 | goto f_err; | 1318 | goto f_err; |
diff --git a/src/lib/libssl/src/ssl/d1_pkt.c b/src/lib/libssl/src/ssl/d1_pkt.c index 87916eb763..b8fd4c92e5 100644 --- a/src/lib/libssl/src/ssl/d1_pkt.c +++ b/src/lib/libssl/src/ssl/d1_pkt.c | |||
| @@ -1161,13 +1161,11 @@ start: | |||
| 1161 | 1161 | ||
| 1162 | switch (rr->type) { | 1162 | switch (rr->type) { |
| 1163 | default: | 1163 | default: |
| 1164 | #ifndef OPENSSL_NO_TLS | ||
| 1165 | /* TLS just ignores unknown message types */ | 1164 | /* TLS just ignores unknown message types */ |
| 1166 | if (s->version == TLS1_VERSION) { | 1165 | if (s->version == TLS1_VERSION) { |
| 1167 | rr->length = 0; | 1166 | rr->length = 0; |
| 1168 | goto start; | 1167 | goto start; |
| 1169 | } | 1168 | } |
| 1170 | #endif | ||
| 1171 | al = SSL_AD_UNEXPECTED_MESSAGE; | 1169 | al = SSL_AD_UNEXPECTED_MESSAGE; |
| 1172 | SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNEXPECTED_RECORD); | 1170 | SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNEXPECTED_RECORD); |
| 1173 | goto f_err; | 1171 | goto f_err; |
diff --git a/src/lib/libssl/src/ssl/s23_clnt.c b/src/lib/libssl/src/ssl/s23_clnt.c index 1bc582364b..7a42b1f0ea 100644 --- a/src/lib/libssl/src/ssl/s23_clnt.c +++ b/src/lib/libssl/src/ssl/s23_clnt.c | |||
| @@ -309,14 +309,10 @@ ssl23_client_hello(SSL *s) | |||
| 309 | * answer is SSL_OP_NO_TLSv1|SSL_OP_NO_SSLv3|SSL_OP_NO_SSLv2. | 309 | * answer is SSL_OP_NO_TLSv1|SSL_OP_NO_SSLv3|SSL_OP_NO_SSLv2. |
| 310 | */ | 310 | */ |
| 311 | mask = SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1|SSL_OP_NO_SSLv3; | 311 | mask = SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1|SSL_OP_NO_SSLv3; |
| 312 | #if !defined(OPENSSL_NO_TLS1_2_CLIENT) | ||
| 313 | version = TLS1_2_VERSION; | 312 | version = TLS1_2_VERSION; |
| 314 | 313 | ||
| 315 | if ((options & SSL_OP_NO_TLSv1_2) && (options & mask) != mask) | 314 | if ((options & SSL_OP_NO_TLSv1_2) && (options & mask) != mask) |
| 316 | version = TLS1_1_VERSION; | 315 | version = TLS1_1_VERSION; |
| 317 | #else | ||
| 318 | version = TLS1_1_VERSION; | ||
| 319 | #endif | ||
| 320 | mask &= ~SSL_OP_NO_TLSv1_1; | 316 | mask &= ~SSL_OP_NO_TLSv1_1; |
| 321 | if ((options & SSL_OP_NO_TLSv1_1) && (options & mask) != mask) | 317 | if ((options & SSL_OP_NO_TLSv1_1) && (options & mask) != mask) |
| 322 | version = TLS1_VERSION; | 318 | version = TLS1_VERSION; |
diff --git a/src/lib/libssl/src/ssl/s3_pkt.c b/src/lib/libssl/src/ssl/s3_pkt.c index e19aba5580..9af897eb47 100644 --- a/src/lib/libssl/src/ssl/s3_pkt.c +++ b/src/lib/libssl/src/ssl/s3_pkt.c | |||
| @@ -1304,7 +1304,6 @@ start: | |||
| 1304 | 1304 | ||
| 1305 | switch (rr->type) { | 1305 | switch (rr->type) { |
| 1306 | default: | 1306 | default: |
| 1307 | #ifndef OPENSSL_NO_TLS | ||
| 1308 | /* | 1307 | /* |
| 1309 | * TLS up to v1.1 just ignores unknown message types: | 1308 | * TLS up to v1.1 just ignores unknown message types: |
| 1310 | * TLS v1.2 give an unexpected message alert. | 1309 | * TLS v1.2 give an unexpected message alert. |
| @@ -1314,7 +1313,6 @@ start: | |||
| 1314 | rr->length = 0; | 1313 | rr->length = 0; |
| 1315 | goto start; | 1314 | goto start; |
| 1316 | } | 1315 | } |
| 1317 | #endif | ||
| 1318 | al = SSL_AD_UNEXPECTED_MESSAGE; | 1316 | al = SSL_AD_UNEXPECTED_MESSAGE; |
| 1319 | SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNEXPECTED_RECORD); | 1317 | SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNEXPECTED_RECORD); |
| 1320 | goto f_err; | 1318 | goto f_err; |