diff options
| author | jsing <> | 2021-02-08 17:20:47 +0000 |
|---|---|---|
| committer | jsing <> | 2021-02-08 17:20:47 +0000 |
| commit | 926ce18e7111ed216cb29761d69533568f55f9e4 (patch) | |
| tree | ec8ceaf50b7d51e2756dc97220dcddfa84c27a19 /src | |
| parent | 26ebb1aca573689e2b08aebdb451eec9d40ea174 (diff) | |
| download | openbsd-926ce18e7111ed216cb29761d69533568f55f9e4.tar.gz openbsd-926ce18e7111ed216cb29761d69533568f55f9e4.tar.bz2 openbsd-926ce18e7111ed216cb29761d69533568f55f9e4.zip | |
Remove bogus DTLS checks to disable ECC and OCSP.
ECC and OCSP can be used with DTLS, so remove bogus checks that currently
prevent it. These are long lasting remnants from the original OpenSSL code.
ok tb@
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libssl/ssl_lib.c | 4 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_tlsext.c | 9 |
2 files changed, 3 insertions, 10 deletions
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c index b67f8569cc..a48d97f17e 100644 --- a/src/lib/libssl/ssl_lib.c +++ b/src/lib/libssl/ssl_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_lib.c,v 1.244 2021/01/28 17:00:38 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_lib.c,v 1.245 2021/02/08 17:20:47 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1368,8 +1368,6 @@ ssl_has_ecc_ciphers(SSL *s) | |||
| 1368 | SSL_CIPHER *cipher; | 1368 | SSL_CIPHER *cipher; |
| 1369 | int i; | 1369 | int i; |
| 1370 | 1370 | ||
| 1371 | if (s->version == DTLS1_VERSION) | ||
| 1372 | return 0; | ||
| 1373 | if ((ciphers = SSL_get_ciphers(s)) == NULL) | 1371 | if ((ciphers = SSL_get_ciphers(s)) == NULL) |
| 1374 | return 0; | 1372 | return 0; |
| 1375 | 1373 | ||
diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c index e12820ba62..dca9de0305 100644 --- a/src/lib/libssl/ssl_tlsext.c +++ b/src/lib/libssl/ssl_tlsext.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_tlsext.c,v 1.85 2020/10/14 16:57:33 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_tlsext.c,v 1.86 2021/02/08 17:20:47 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org> |
| 4 | * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> | 4 | * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> |
| @@ -401,9 +401,6 @@ tlsext_ecpf_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) | |||
| 401 | int | 401 | int |
| 402 | tlsext_ecpf_server_needs(SSL *s, uint16_t msg_type) | 402 | tlsext_ecpf_server_needs(SSL *s, uint16_t msg_type) |
| 403 | { | 403 | { |
| 404 | if (s->version == DTLS1_VERSION) | ||
| 405 | return 0; | ||
| 406 | |||
| 407 | return ssl_using_ecc_cipher(s); | 404 | return ssl_using_ecc_cipher(s); |
| 408 | } | 405 | } |
| 409 | 406 | ||
| @@ -848,14 +845,12 @@ tlsext_sni_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) | |||
| 848 | 845 | ||
| 849 | 846 | ||
| 850 | /* | 847 | /* |
| 851 | *Certificate Status Request - RFC 6066 section 8. | 848 | * Certificate Status Request - RFC 6066 section 8. |
| 852 | */ | 849 | */ |
| 853 | 850 | ||
| 854 | int | 851 | int |
| 855 | tlsext_ocsp_client_needs(SSL *s, uint16_t msg_type) | 852 | tlsext_ocsp_client_needs(SSL *s, uint16_t msg_type) |
| 856 | { | 853 | { |
| 857 | if (SSL_is_dtls(s)) | ||
| 858 | return 0; | ||
| 859 | if (msg_type != SSL_TLSEXT_MSG_CH) | 854 | if (msg_type != SSL_TLSEXT_MSG_CH) |
| 860 | return 0; | 855 | return 0; |
| 861 | 856 | ||