Finish zapping SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION usage; only keep

the #define for compat, but document that it's a no-op now. Also, neuter the -legacy_renegotiation option to "openssl s_{client,server}" ok beck@
author: guenther <guenther@openbsd.org> 2014-04-18 15:39:53 +0000
committer: guenther <guenther@openbsd.org> 2014-04-18 15:39:53 +0000
commit: 4a5070f579eeac314136c9f15b58ae4f9baec16d (patch)
tree: f692478dd30d23b2b78aee599abbf2b2f1d7920b /lib/libssl/src/ssl/s3_pkt.c
parent: use the portable construct around asprintf; pointed out by halex (diff)
download: wireguard-openbsd-4a5070f579eeac314136c9f15b58ae4f9baec16d.tar.xz
wireguard-openbsd-4a5070f579eeac314136c9f15b58ae4f9baec16d.zip
1 files changed, 1 insertions, 2 deletions
diff --git a/lib/libssl/src/ssl/s3_pkt.c b/lib/libssl/src/ssl/s3_pkt.c
index e901268a341..ec73ef50bd9 100644
--- a/lib/libssl/src/ssl/s3_pkt.c
+++ b/lib/libssl/src/ssl/s3_pkt.c
@@ -1095,8 +1095,7 @@ start:
 	    (s->version > SSL3_VERSION) &&
 	    (s->s3->handshake_fragment_len >= 4) &&
 	    (s->s3->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO) &&
-	    (s->session != NULL) && (s->session->cipher != NULL) &&
-	    !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) {
+	    (s->session != NULL) && (s->session->cipher != NULL)) {
 		/*s->s3->handshake_fragment_len = 0;*/
 		rr->length = 0;
 		ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION);
author	guenther <guenther@openbsd.org>	2014-04-18 15:39:53 +0000
committer	guenther <guenther@openbsd.org>	2014-04-18 15:39:53 +0000
commit	4a5070f579eeac314136c9f15b58ae4f9baec16d (patch)
tree	f692478dd30d23b2b78aee599abbf2b2f1d7920b /lib/libssl/src/ssl/s3_pkt.c
parent	use the portable construct around asprintf; pointed out by halex (diff)
download	wireguard-openbsd-4a5070f579eeac314136c9f15b58ae4f9baec16d.tar.xz wireguard-openbsd-4a5070f579eeac314136c9f15b58ae4f9baec16d.zip