From 85bda7b83ce5c9f5db97200efe9d057e175bb7a7 Mon Sep 17 00:00:00 2001 From: jsing Date: Fri, 31 Oct 2014 14:51:01 +0000 Subject: Remove support for ephemeral/temporary RSA private keys. The only use for these is via SSL_OP_EPHEMERAL_RSA (which is effectively a standards violation) and for RSA sign-only, should only be possible if you are using an export cipher and have an RSA private key that is more than 512 bits in size (however we no longer support export ciphers). ok bcook@ miod@ --- lib/libssl/src/ssl/ssl3.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib/libssl/src/ssl/ssl3.h') diff --git a/lib/libssl/src/ssl/ssl3.h b/lib/libssl/src/ssl/ssl3.h index 9a28b4701f1..18afa304c94 100644 --- a/lib/libssl/src/ssl/ssl3.h +++ b/lib/libssl/src/ssl/ssl3.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl3.h,v 1.26 2014/08/11 01:10:42 jsing Exp $ */ +/* $OpenBSD: ssl3.h,v 1.27 2014/10/31 14:51:01 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -473,7 +473,7 @@ typedef struct ssl3_state_st { char ctype[SSL3_CT_NUMBER]; STACK_OF(X509_NAME) *ca_names; - int use_rsa_tmp; + int use_rsa_tmp; /* XXX - remove at next bump. */ int key_block_length; unsigned char *key_block; -- cgit v1.2.3-59-g8ed1b