author | Philip Guenther <guenther@cvs.openbsd.org> | 2014-04-18 15:39:54 +0000 |
---|---|---|
committer | Philip Guenther <guenther@cvs.openbsd.org> | 2014-04-18 15:39:54 +0000 |
commit | 3bc02608240d2138c80edbd3fa729478c8803da8 (patch) | |
tree | 73cda27c5b6a8c42e4710fd0954fec31c1e179f7 | |
parent | b2370c002317fe4a29974f044162cc2f4c605830 (diff) |
Finish zapping SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION usage; only keep
the #define for compat, but document that it's a no-op now. Also, neuter
the -legacy_renegotiation option to "openssl s_{client,server}"
ok beck@
-rw-r--r-- | lib/libssl/s3_pkt.c | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/lib/libssl/s3_pkt.c b/lib/libssl/s3_pkt.c
index e901268a341..ec73ef50bd9 100644
--- a/lib/libssl/s3_pkt.c
+++ b/lib/libssl/s3_pkt.c
@@ -1095,8 +1095,7 @@ start:
 (s->version > SSL3_VERSION) &&
 (s->s3->handshake_fragment_len >= 4) &&
 (s->s3->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO) &&
- (s->session != NULL) && (s->session->cipher != NULL) &&
- !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) {
+ (s->session != NULL) && (s->session->cipher != NULL)) {
 /*s->s3->handshake_fragment_len = 0;*/
 rr->length = 0;
 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION); |
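Review bot: With the option test removed, nothing at this condition tells a maintainer that an application setting SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION can no longer switch the refusal off, so a short comment above the `if` would help, e.g. `/* SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION is a no-op: it no longer disables this no_renegotiation refusal. */`. The `if` starts above the hunk and its body continues below it, so the remaining clauses, and whether the branch is limited to peers that did not negotiate secure renegotiation, cannot be confirmed from these lines. Because this path is now always taken when the visible clauses hold, the commented-out `/*s->s3->handshake_fragment_len = 0;*/` should be either deleted or replaced by a comment explaining why the buffered ClientHello header is kept after the alert; in the visible lines only `rr->length` is cleared.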