diff options
| author | jsing <> | 2015-02-06 10:04:07 +0000 |
|---|---|---|
| committer | jsing <> | 2015-02-06 10:04:07 +0000 |
| commit | a56cd64072f7062672fbc04345ac7bed25aef5f2 (patch) | |
| tree | 2a74cdae8236f5417d8aada36d76a16fa837e41e /src | |
| parent | 9bec1611d9610ec152375d6e1f622b93ed03a1a0 (diff) | |
| download | openbsd-a56cd64072f7062672fbc04345ac7bed25aef5f2.tar.gz openbsd-a56cd64072f7062672fbc04345ac7bed25aef5f2.tar.bz2 openbsd-a56cd64072f7062672fbc04345ac7bed25aef5f2.zip | |
Unifdef NETSCAPE_HANG_BUG.
If you're still using a buggy version of Netscape from 2000, for HTTPS with
client certificates, it is probably a good time to find a new browser.
"kill it softly... with napalm and kisses" miod@
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libssl/s3_srvr.c | 23 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/s3_srvr.c | 23 |
2 files changed, 2 insertions, 44 deletions
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c index e16eb6f5d0..4a2fdf1a23 100644 --- a/src/lib/libssl/s3_srvr.c +++ b/src/lib/libssl/s3_srvr.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_srvr.c,v 1.97 2015/02/06 08:30:23 jsing Exp $ */ | 1 | /* $OpenBSD: s3_srvr.c,v 1.98 2015/02/06 10:04:07 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -149,7 +149,6 @@ | |||
| 149 | */ | 149 | */ |
| 150 | 150 | ||
| 151 | #define REUSE_CIPHER_BUG | 151 | #define REUSE_CIPHER_BUG |
| 152 | #define NETSCAPE_HANG_BUG | ||
| 153 | 152 | ||
| 154 | #include <stdio.h> | 153 | #include <stdio.h> |
| 155 | 154 | ||
| @@ -461,12 +460,7 @@ ssl3_accept(SSL *s) | |||
| 461 | ret = ssl3_send_certificate_request(s); | 460 | ret = ssl3_send_certificate_request(s); |
| 462 | if (ret <= 0) | 461 | if (ret <= 0) |
| 463 | goto end; | 462 | goto end; |
| 464 | #ifndef NETSCAPE_HANG_BUG | ||
| 465 | s->state = SSL3_ST_SW_SRVR_DONE_A; | 463 | s->state = SSL3_ST_SW_SRVR_DONE_A; |
| 466 | #else | ||
| 467 | s->state = SSL3_ST_SW_FLUSH; | ||
| 468 | s->s3->tmp.next_state = SSL3_ST_SR_CERT_A; | ||
| 469 | #endif | ||
| 470 | s->init_num = 0; | 464 | s->init_num = 0; |
| 471 | } | 465 | } |
| 472 | break; | 466 | break; |
| @@ -1772,21 +1766,6 @@ ssl3_send_certificate_request(SSL *s) | |||
| 1772 | /* we should now have things packed up, so lets send it off */ | 1766 | /* we should now have things packed up, so lets send it off */ |
| 1773 | s->init_num = n + 4; | 1767 | s->init_num = n + 4; |
| 1774 | s->init_off = 0; | 1768 | s->init_off = 0; |
| 1775 | #ifdef NETSCAPE_HANG_BUG | ||
| 1776 | if (!BUF_MEM_grow(buf, s->init_num + 4)) { | ||
| 1777 | SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST, | ||
| 1778 | ERR_R_BUF_LIB); | ||
| 1779 | goto err; | ||
| 1780 | } | ||
| 1781 | p = (unsigned char *)buf->data + s->init_num; | ||
| 1782 | |||
| 1783 | /* do the header */ | ||
| 1784 | *(p++) = SSL3_MT_SERVER_DONE; | ||
| 1785 | *(p++) = 0; | ||
| 1786 | *(p++) = 0; | ||
| 1787 | *(p++) = 0; | ||
| 1788 | s->init_num += 4; | ||
| 1789 | #endif | ||
| 1790 | 1769 | ||
| 1791 | s->state = SSL3_ST_SW_CERT_REQ_B; | 1770 | s->state = SSL3_ST_SW_CERT_REQ_B; |
| 1792 | } | 1771 | } |
diff --git a/src/lib/libssl/src/ssl/s3_srvr.c b/src/lib/libssl/src/ssl/s3_srvr.c index e16eb6f5d0..4a2fdf1a23 100644 --- a/src/lib/libssl/src/ssl/s3_srvr.c +++ b/src/lib/libssl/src/ssl/s3_srvr.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_srvr.c,v 1.97 2015/02/06 08:30:23 jsing Exp $ */ | 1 | /* $OpenBSD: s3_srvr.c,v 1.98 2015/02/06 10:04:07 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -149,7 +149,6 @@ | |||
| 149 | */ | 149 | */ |
| 150 | 150 | ||
| 151 | #define REUSE_CIPHER_BUG | 151 | #define REUSE_CIPHER_BUG |
| 152 | #define NETSCAPE_HANG_BUG | ||
| 153 | 152 | ||
| 154 | #include <stdio.h> | 153 | #include <stdio.h> |
| 155 | 154 | ||
| @@ -461,12 +460,7 @@ ssl3_accept(SSL *s) | |||
| 461 | ret = ssl3_send_certificate_request(s); | 460 | ret = ssl3_send_certificate_request(s); |
| 462 | if (ret <= 0) | 461 | if (ret <= 0) |
| 463 | goto end; | 462 | goto end; |
| 464 | #ifndef NETSCAPE_HANG_BUG | ||
| 465 | s->state = SSL3_ST_SW_SRVR_DONE_A; | 463 | s->state = SSL3_ST_SW_SRVR_DONE_A; |
| 466 | #else | ||
| 467 | s->state = SSL3_ST_SW_FLUSH; | ||
| 468 | s->s3->tmp.next_state = SSL3_ST_SR_CERT_A; | ||
| 469 | #endif | ||
| 470 | s->init_num = 0; | 464 | s->init_num = 0; |
| 471 | } | 465 | } |
| 472 | break; | 466 | break; |
| @@ -1772,21 +1766,6 @@ ssl3_send_certificate_request(SSL *s) | |||
| 1772 | /* we should now have things packed up, so lets send it off */ | 1766 | /* we should now have things packed up, so lets send it off */ |
| 1773 | s->init_num = n + 4; | 1767 | s->init_num = n + 4; |
| 1774 | s->init_off = 0; | 1768 | s->init_off = 0; |
| 1775 | #ifdef NETSCAPE_HANG_BUG | ||
| 1776 | if (!BUF_MEM_grow(buf, s->init_num + 4)) { | ||
| 1777 | SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST, | ||
| 1778 | ERR_R_BUF_LIB); | ||
| 1779 | goto err; | ||
| 1780 | } | ||
| 1781 | p = (unsigned char *)buf->data + s->init_num; | ||
| 1782 | |||
| 1783 | /* do the header */ | ||
| 1784 | *(p++) = SSL3_MT_SERVER_DONE; | ||
| 1785 | *(p++) = 0; | ||
| 1786 | *(p++) = 0; | ||
| 1787 | *(p++) = 0; | ||
| 1788 | s->init_num += 4; | ||
| 1789 | #endif | ||
| 1790 | 1769 | ||
| 1791 | s->state = SSL3_ST_SW_CERT_REQ_B; | 1770 | s->state = SSL3_ST_SW_CERT_REQ_B; |
| 1792 | } | 1771 | } |