Remove support for ephemeral/temporary RSA private keys.

The only use for these is via SSL_OP_EPHEMERAL_RSA (which is effectively a standards violation) and for RSA sign-only, should only be possible if you are using an export cipher and have an RSA private key that is more than 512 bits in size (however we no longer support export ciphers). ok bcook@ miod@
author: jsing <jsing@openbsd.org> 2014-10-31 14:51:01 +0000
committer: jsing <jsing@openbsd.org> 2014-10-31 14:51:01 +0000
commit: 85bda7b83ce5c9f5db97200efe9d057e175bb7a7 (patch)
tree: 1ab42d89f73039708d653700c7c44eaddea67170 /lib/libssl/ssl3.h
parent: sync (diff)
download: wireguard-openbsd-85bda7b83ce5c9f5db97200efe9d057e175bb7a7.tar.xz
wireguard-openbsd-85bda7b83ce5c9f5db97200efe9d057e175bb7a7.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/libssl/ssl3.h b/lib/libssl/ssl3.h
index 9a28b4701f1..18afa304c94 100644
--- a/lib/libssl/ssl3.h
+++ b/lib/libssl/ssl3.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl3.h,v 1.26 2014/08/11 01:10:42 jsing Exp $ */
+/* $OpenBSD: ssl3.h,v 1.27 2014/10/31 14:51:01 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -473,7 +473,7 @@ typedef struct ssl3_state_st {
 		char ctype[SSL3_CT_NUMBER];
 		STACK_OF(X509_NAME) *ca_names;
 
-		int use_rsa_tmp;
+		int use_rsa_tmp;	/* XXX - remove at next bump. */
 
 		int key_block_length;
 		unsigned char *key_block;
author	jsing <jsing@openbsd.org>	2014-10-31 14:51:01 +0000
committer	jsing <jsing@openbsd.org>	2014-10-31 14:51:01 +0000
commit	85bda7b83ce5c9f5db97200efe9d057e175bb7a7 (patch)
tree	1ab42d89f73039708d653700c7c44eaddea67170 /lib/libssl/ssl3.h
parent	sync (diff)
download	wireguard-openbsd-85bda7b83ce5c9f5db97200efe9d057e175bb7a7.tar.xz wireguard-openbsd-85bda7b83ce5c9f5db97200efe9d057e175bb7a7.zip