From 9ef9f06708ef4fe615f3485f5d82f3fb919fdf03 Mon Sep 17 00:00:00 2001 From: miod <> Date: Fri, 13 Jun 2014 04:29:13 +0000 Subject: Remove support for the `opaque PRF input' extension, which draft has expired 7 years ago and never made it into an RFC. That code wasn't compiled in anyway unless one would define the actual on-the-wire extension id bytes; crank libssl major. With help and enlightenment from Brendan MacDonell. --- src/regress/lib/libssl/ssl/ssltest.c | 32 -------------------------------- 1 file changed, 32 deletions(-) (limited to 'src/regress/lib/libssl/ssl/ssltest.c') diff --git a/src/regress/lib/libssl/ssl/ssltest.c b/src/regress/lib/libssl/ssl/ssltest.c index 38c70906bb..ad24b1f713 100644 --- a/src/regress/lib/libssl/ssl/ssltest.c +++ b/src/regress/lib/libssl/ssl/ssltest.c @@ -380,31 +380,6 @@ err: } } -#ifdef TLSEXT_TYPE_opaque_prf_input - struct cb_info_st { void *input; - size_t len; - int ret; -}; - -struct cb_info_st co1 = { "C", 1, 1 }; /* try to negotiate oqaque PRF input */ -struct cb_info_st co2 = { "C", 1, 2 }; /* insist on oqaque PRF input */ -struct cb_info_st so1 = { "S", 1, 1 }; /* try to negotiate oqaque PRF input */ -struct cb_info_st so2 = { "S", 1, 2 }; /* insist on oqaque PRF input */ - -int -opaque_prf_input_cb(SSL *ssl, void *peerinput, size_t len, void *arg_) -{ - struct cb_info_st *arg = arg_; - - if (arg == NULL) - return 1; - - if (!SSL_set_tlsext_opaque_prf_input(ssl, arg->input, arg->len)) - return 0; - return arg->ret; -} -#endif - int main(int argc, char *argv[]) { @@ -747,13 +722,6 @@ bad: SSL_CTX_set_tmp_rsa_callback(s_ctx, tmp_rsa_cb); -#ifdef TLSEXT_TYPE_opaque_prf_input - SSL_CTX_set_tlsext_opaque_prf_input_callback(c_ctx, opaque_prf_input_cb); - SSL_CTX_set_tlsext_opaque_prf_input_callback(s_ctx, opaque_prf_input_cb); - SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(c_ctx, &co1); /* or &co2 or NULL */ - SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(s_ctx, &so1); /* or &so2 or NULL */ -#endif - if (!SSL_CTX_use_certificate_file(s_ctx, server_cert, SSL_FILETYPE_PEM)) { ERR_print_errors(bio_err); } else if (!SSL_CTX_use_PrivateKey_file(s_ctx, -- cgit v1.2.3-55-g6feb