summaryrefslogtreecommitdiff
path: root/lib/libssl
diff options
context:
space:
mode:
authorTheo Buehler <tb@cvs.openbsd.org>2023-12-29 12:24:34 +0000
committerTheo Buehler <tb@cvs.openbsd.org>2023-12-29 12:24:34 +0000
commitda2cf959745bc6cd6131ff30f96c95a6ca1586da (patch)
tree7de9b7c3cc1b4fbac74124f27736c077c25ff7f4 /lib/libssl
parent2707c4900bdb06e4c4d51a254175e98d7c0ce753 (diff)
Neuter the SSL_set_debug(3) API
The TLSv1.3 stack didn't support this in the first place, and in the legacy stack it only added some dubious BIO_flush(3) calls. The sleep call between SSL_read(3) and SSL_write(3) advertised in the comment next to the flag has been a sleep call in the s_server since time immemorial, nota bene between calls to BIO_gets(3). Anyway. This can all go and what remains will go with the next major bump. ok jsing
Diffstat (limited to 'lib/libssl')
-rw-r--r--lib/libssl/ssl_clnt.c7
-rw-r--r--lib/libssl/ssl_lib.c6
-rw-r--r--lib/libssl/ssl_local.h5
-rw-r--r--lib/libssl/ssl_srvr.c8
4 files changed, 5 insertions, 21 deletions
diff --git a/lib/libssl/ssl_clnt.c b/lib/libssl/ssl_clnt.c
index 76ed10f8064..52f5de35a44 100644
--- a/lib/libssl/ssl_clnt.c
+++ b/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.162 2023/11/19 15:50:29 tb Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.163 2023/12/29 12:24:33 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -631,11 +631,6 @@ ssl3_connect(SSL *s)
/* did we do anything */
if (!s->s3->hs.tls12.reuse_message && !skip) {
- if (s->debug) {
- if ((ret = BIO_flush(s->wbio)) <= 0)
- goto end;
- }
-
if (s->s3->hs.state != state) {
new_state = s->s3->hs.state;
s->s3->hs.state = state;
diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c
index ce14ce710a7..c97441c9c01 100644
--- a/lib/libssl/ssl_lib.c
+++ b/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.317 2023/11/29 13:39:34 tb Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.318 2023/12/29 12:24:33 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -2933,8 +2933,6 @@ SSL_dup(SSL *s)
SSL_set_info_callback(ret, SSL_get_info_callback(s));
- ret->debug = s->debug;
-
/* copy app data, a little dangerous perhaps */
if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL,
&ret->ex_data, &s->ex_data))
@@ -3488,7 +3486,7 @@ LSSL_ALIAS(SSL_set_msg_callback);
void
SSL_set_debug(SSL *s, int debug)
{
- s->debug = debug;
+ SSLerror(s, ERR_R_DISABLED);
}
LSSL_ALIAS(SSL_set_debug);
diff --git a/lib/libssl/ssl_local.h b/lib/libssl/ssl_local.h
index a2c2588c38b..bd6275fac7e 100644
--- a/lib/libssl/ssl_local.h
+++ b/lib/libssl/ssl_local.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_local.h,v 1.11 2023/11/29 13:39:34 tb Exp $ */
+/* $OpenBSD: ssl_local.h,v 1.12 2023/12/29 12:24:33 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -1074,9 +1074,6 @@ struct ssl_st {
/* for server side, keep the list of CA_dn we can use */
STACK_OF(X509_NAME) *client_CA;
- /* set this flag to 1 and a sleep(1) is put into all SSL_read()
- * and SSL_write() calls, good for nbio debugging :-) */
- int debug;
long max_cert_list;
int first_packet;
diff --git a/lib/libssl/ssl_srvr.c b/lib/libssl/ssl_srvr.c
index a571549b647..f26fde50610 100644
--- a/lib/libssl/ssl_srvr.c
+++ b/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.157 2023/11/18 10:51:09 tb Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.158 2023/12/29 12:24:33 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -740,12 +740,6 @@ ssl3_accept(SSL *s)
}
if (!s->s3->hs.tls12.reuse_message && !skip) {
- if (s->debug) {
- if ((ret = BIO_flush(s->wbio)) <= 0)
- goto end;
- }
-
-
if (s->s3->hs.state != state) {
new_state = s->s3->hs.state;
s->s3->hs.state = state;