[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

Matt Caswell matt at openssl.org
Fri Aug 26 12:41:02 UTC 2016 

The branch OpenSSL_1_0_2-stable has been updated
       via  847fe929108da550b506594f52fa1875ea815723 (commit)
      from  3953bf53dac62bf8d2e5ebeabc94df388576a8ce (commit)


- Log -----------------------------------------------------------------
commit 847fe929108da550b506594f52fa1875ea815723
Author: Matt Caswell <matt at openssl.org>
Date:   Fri Aug 26 13:11:17 2016 +0100

    Fix the no-tls1 option
    
    This also fixes no-tls which is an alias for no-tls1 in 1.0.2 (it is not
    possible to do no-tls1_1 or no-tls1_2 in 1.0.2).
    
    Because it is not possible to disable TLS1.1 or TLS1.2 it no longer follows
    that disabling TLS1.0 should force the disabling of tlsext.
    
    Also a few missing ifdef guards.
    
    GitHub Iusse#935
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 Configure     | 5 -----
 apps/srp.c    | 2 ++
 ssl/ssltest.c | 3 +++
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/Configure b/Configure
index 3a77276..695b37d 100755
--- a/Configure
+++ b/Configure
@@ -1082,11 +1082,6 @@ if (defined($disabled{"md5"}) || defined($disabled{"sha"})
 	$disabled{"tls1"} = "forced";
 	}
 
-if (defined($disabled{"tls1"}))
-	{
-	$disabled{"tlsext"} = "forced";
-	}
-
 if (defined($disabled{"ec"}) || defined($disabled{"dsa"})
     || defined($disabled{"dh"}))
 	{
diff --git a/apps/srp.c b/apps/srp.c
index c0ff417..c75052f 100644
--- a/apps/srp.c
+++ b/apps/srp.c
@@ -765,4 +765,6 @@ int MAIN(int argc, char **argv)
     OPENSSL_EXIT(ret);
 }
 
+#else
+static void *dummy = &dummy;
 #endif
diff --git a/ssl/ssltest.c b/ssl/ssltest.c
index 1db84ad..890e476 100644
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@@ -3141,9 +3141,12 @@ static unsigned int psk_server_callback(SSL *ssl, const char *identity,
 
 static int do_test_cipherlist(void)
 {
+#if !defined(OPENSSL_NO_SSL2) || !defined(OPENSSL_NO_SSL3) || \
+    !defined(OPENSSL_NO_TLS1)
     int i = 0;
     const SSL_METHOD *meth;
     const SSL_CIPHER *ci, *tci = NULL;
+#endif
 
 #ifndef OPENSSL_NO_SSL2
     fprintf(stderr, "testing SSLv2 cipher list order: ");

More information about the openssl-commits mailing list