diff options
author | Theo Buehler <tb@cvs.openbsd.org> | 2023-12-29 12:24:34 +0000 |
---|---|---|
committer | Theo Buehler <tb@cvs.openbsd.org> | 2023-12-29 12:24:34 +0000 |
commit | da2cf959745bc6cd6131ff30f96c95a6ca1586da (patch) | |
tree | 7de9b7c3cc1b4fbac74124f27736c077c25ff7f4 /lib/libssl | |
parent | 2707c4900bdb06e4c4d51a254175e98d7c0ce753 (diff) |
Neuter the SSL_set_debug(3) API
The TLSv1.3 stack didn't support this in the first place, and in the legacy
stack it only added some dubious BIO_flush(3) calls. The sleep call between
SSL_read(3) and SSL_write(3) advertised in the comment next to the flag has
been a sleep call in the s_server since time immemorial, nota bene between
calls to BIO_gets(3). Anyway. This can all go and what remains will go with
the next major bump.
ok jsing
Diffstat (limited to 'lib/libssl')
-rw-r--r-- | lib/libssl/ssl_clnt.c | 7 | ||||
-rw-r--r-- | lib/libssl/ssl_lib.c | 6 | ||||
-rw-r--r-- | lib/libssl/ssl_local.h | 5 | ||||
-rw-r--r-- | lib/libssl/ssl_srvr.c | 8 |
4 files changed, 5 insertions, 21 deletions
diff --git a/lib/libssl/ssl_clnt.c b/lib/libssl/ssl_clnt.c index 76ed10f8064..52f5de35a44 100644 --- a/lib/libssl/ssl_clnt.c +++ b/lib/libssl/ssl_clnt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_clnt.c,v 1.162 2023/11/19 15:50:29 tb Exp $ */ +/* $OpenBSD: ssl_clnt.c,v 1.163 2023/12/29 12:24:33 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -631,11 +631,6 @@ ssl3_connect(SSL *s) /* did we do anything */ if (!s->s3->hs.tls12.reuse_message && !skip) { - if (s->debug) { - if ((ret = BIO_flush(s->wbio)) <= 0) - goto end; - } - if (s->s3->hs.state != state) { new_state = s->s3->hs.state; s->s3->hs.state = state; diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c index ce14ce710a7..c97441c9c01 100644 --- a/lib/libssl/ssl_lib.c +++ b/lib/libssl/ssl_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_lib.c,v 1.317 2023/11/29 13:39:34 tb Exp $ */ +/* $OpenBSD: ssl_lib.c,v 1.318 2023/12/29 12:24:33 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -2933,8 +2933,6 @@ SSL_dup(SSL *s) SSL_set_info_callback(ret, SSL_get_info_callback(s)); - ret->debug = s->debug; - /* copy app data, a little dangerous perhaps */ if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data)) @@ -3488,7 +3486,7 @@ LSSL_ALIAS(SSL_set_msg_callback); void SSL_set_debug(SSL *s, int debug) { - s->debug = debug; + SSLerror(s, ERR_R_DISABLED); } LSSL_ALIAS(SSL_set_debug); diff --git a/lib/libssl/ssl_local.h b/lib/libssl/ssl_local.h index a2c2588c38b..bd6275fac7e 100644 --- a/lib/libssl/ssl_local.h +++ b/lib/libssl/ssl_local.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_local.h,v 1.11 2023/11/29 13:39:34 tb Exp $ */ +/* $OpenBSD: ssl_local.h,v 1.12 2023/12/29 12:24:33 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1074,9 +1074,6 @@ struct ssl_st { /* for server side, keep the list of CA_dn we can use */ STACK_OF(X509_NAME) *client_CA; - /* set this flag to 1 and a sleep(1) is put into all SSL_read() - * and SSL_write() calls, good for nbio debugging :-) */ - int debug; long max_cert_list; int first_packet; diff --git a/lib/libssl/ssl_srvr.c b/lib/libssl/ssl_srvr.c index a571549b647..f26fde50610 100644 --- a/lib/libssl/ssl_srvr.c +++ b/lib/libssl/ssl_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_srvr.c,v 1.157 2023/11/18 10:51:09 tb Exp $ */ +/* $OpenBSD: ssl_srvr.c,v 1.158 2023/12/29 12:24:33 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -740,12 +740,6 @@ ssl3_accept(SSL *s) } if (!s->s3->hs.tls12.reuse_message && !skip) { - if (s->debug) { - if ((ret = BIO_flush(s->wbio)) <= 0) - goto end; - } - - if (s->s3->hs.state != state) { new_state = s->s3->hs.state; s->s3->hs.state = state; |