[openssl-commits] [openssl] master update
Matt Caswell
matt at openssl.org
Thu Feb 26 23:29:42 UTC 2015
The branch master has been updated
via cf61ef75be301d41696b6b45ce992562058c350a (commit)
from 7a4dadc3a6a487db92619622b820eb4f7be512c9 (commit)
- Log -----------------------------------------------------------------
commit cf61ef75be301d41696b6b45ce992562058c350a
Author: Matt Caswell <matt at openssl.org>
Date: Wed Feb 25 23:28:24 2015 +0000
Remove NETSCAPE_HANG_BUG
NETSCAPE_HANG_BUG is a workaround for a browser bug from many years ago
(2000).
It predates DTLS, so certainly has no place in d1_srvr.c.
In s3_srvr.c it forces the ServerDone to appear in the same record as the
CertificateRequest when doing client auth.
BoringSSL have already made the same commit:
79ae85e4f777f94d91b7be19e8a62016cb55b3c5
Reviewed-by: Tim Hudson <tjh at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
ssl/d1_srvr.c | 11 -----------
ssl/s3_srvr.c | 22 ----------------------
2 files changed, 33 deletions(-)
diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
index c5a5924..bcf63e0 100644
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -556,7 +556,6 @@ int dtls1_accept(SSL *s)
ret = ssl3_send_certificate_request(s);
if (ret <= 0)
goto end;
-#ifndef NETSCAPE_HANG_BUG
s->state = SSL3_ST_SW_SRVR_DONE_A;
# ifndef OPENSSL_NO_SCTP
if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
@@ -564,16 +563,6 @@ int dtls1_accept(SSL *s)
s->state = DTLS1_SCTP_ST_SW_WRITE_SOCK;
}
# endif
-#else
- s->state = SSL3_ST_SW_FLUSH;
- s->s3->tmp.next_state = SSL3_ST_SR_CERT_A;
-# ifndef OPENSSL_NO_SCTP
- if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
- s->d1->next_state = s->s3->tmp.next_state;
- s->s3->tmp.next_state = DTLS1_SCTP_ST_SW_WRITE_SOCK;
- }
-# endif
-#endif
s->init_num = 0;
}
break;
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 6adf4dc..48dee10 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -148,7 +148,6 @@
* OTHERWISE.
*/
-#define NETSCAPE_HANG_BUG
#include <stdio.h>
#include "ssl_locl.h"
@@ -541,12 +540,7 @@ int ssl3_accept(SSL *s)
ret = ssl3_send_certificate_request(s);
if (ret <= 0)
goto end;
-#ifndef NETSCAPE_HANG_BUG
s->state = SSL3_ST_SW_SRVR_DONE_A;
-#else
- s->state = SSL3_ST_SW_FLUSH;
- s->s3->tmp.next_state = SSL3_ST_SR_CERT_A;
-#endif
s->init_num = 0;
}
break;
@@ -2045,22 +2039,6 @@ int ssl3_send_certificate_request(SSL *s)
ssl_set_handshake_header(s, SSL3_MT_CERTIFICATE_REQUEST, n);
-#ifdef NETSCAPE_HANG_BUG
- if (!SSL_IS_DTLS(s)) {
- if (!BUF_MEM_grow_clean(buf, s->init_num + 4)) {
- SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST, ERR_R_BUF_LIB);
- goto err;
- }
- p = (unsigned char *)s->init_buf->data + s->init_num;
- /* do the header */
- *(p++) = SSL3_MT_SERVER_DONE;
- *(p++) = 0;
- *(p++) = 0;
- *(p++) = 0;
- s->init_num += 4;
- }
-#endif
-
s->state = SSL3_ST_SW_CERT_REQ_B;
}
More information about the openssl-commits
mailing list