From 765ba4f5df62ba013c7670d45f13bdd7b2a74707 Mon Sep 17 00:00:00 2001
From: deraadt <>
Date: Thu, 10 Apr 2014 18:09:08 +0000
Subject: Disable Segglemann's RFC520 hearbeat.

I am completely blown away that the same IETF that cannot efficiently
allocate needed protocol, service numbers, or other such things when
they are needed, can so quickly and easily rubber stamp the addition
of a 64K Covert Channel in a critical protocol.  The organization
should look at itself very carefully, find out how this this happened,
and everyone who allowed this to happen on their watch should be
evicted from the decision making process.  IETF, I don't trust you.

ok tedu markus
---
 src/lib/libssl/ssl/Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'src')

diff --git a/src/lib/libssl/ssl/Makefile b/src/lib/libssl/ssl/Makefile
index ff511eb339..194f1a3a74 100644
--- a/src/lib/libssl/ssl/Makefile
+++ b/src/lib/libssl/ssl/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.28 2014/04/10 18:03:44 tedu Exp $
+# $OpenBSD: Makefile,v 1.29 2014/04/10 18:09:08 deraadt Exp $
 
 LIB=	ssl
 
@@ -9,7 +9,7 @@ LSSL_SRC= ${.CURDIR}/../${SSLEAYDIST}/ssl
 CFLAGS+= -DTERMIOS -DANSI_SOURCE
 CFLAGS+= -DOPENSSL_NO_RC5 -DOPENSSL_NO_KRB5
 CFLAGS+= -DOPENSSL_NO_SSL2
-CFLAGS+= -DOPENSSL_NO_BUF_FREELISTS
+CFLAGS+= -DOPENSSL_NO_BUF_FREELISTS -DOPENSSL_NO_HEARTBEAT
 CFLAGS+= -I${.CURDIR}/../${SSLEAYDIST} -I${.CURDIR}/../${SSLEAYDIST}/crypto
 
 SRCS=\
-- 
cgit v1.2.3-55-g6feb