projects / openssl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: e481f9b)
Add CHANGES entry for OPENSSL_NO_TLSEXT removal
authorMatt Caswell <matt@openssl.org>
Fri, 15 May 2015 09:55:10 +0000 (10:55 +0100)
committerMatt Caswell <matt@openssl.org>
Fri, 22 May 2015 22:11:22 +0000 (23:11 +0100)
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
CHANGES patch | blob | history
makevms.com patch | blob | history
ssl/ssl_cert.c patch | blob | history

diff --git a/CHANGES b/CHANGES
index 397ff2c6e1d0539a7a380d8d3080d2605b998a41..e1e0721601bde765238e10dfa27908a1e104e924 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -3,6 +3,11 @@
  _______________
 
  Changes between 1.0.2 and 1.1.0  [xx XXX xxxx]
+  *) Given the pervasive nature of TLS extensions it is inadvisable to run
+     OpenSSL without support for them. It also means that maintaining
+     the OPENSSL_NO_TLSEXT option within the code is very invasive (and probably
+     not well tested). Therefore the OPENSSL_NO_TLSEXT option has been removed.
+     [Matt Caswell]
 
   *) Version negotiation has been rewritten. In particular SSLv23_method(),
      SSLv23_client_method() and SSLv23_server_method() have been deprecated,
diff --git a/makevms.com b/makevms.com
index 37efdc804111fe83a552e0ca86b7b87937001a32..c1c3060b67fc33d7cb45e5a712b2782c4b21711d 100755 (executable)
--- a/makevms.com
+++ b/makevms.com
@@ -304,7 +304,6 @@ $ CONFIG_LOGICALS := AES,-
                     STATIC_ENGINE,-
                     STDIO,-
                     STORE,-
-                    TLSEXT,-
                     UNIT_TEST,-
                     WHIRLPOOL
 $ CONFIG_EXPERIMENTAL := JPAKE,-
@@ -332,11 +331,9 @@ $ CONFIG_DISABLE_RULES := RIJNDAEL/AES;-
                          SHA/SSL3,TLS1;-
                          RSA,DSA/SSL3,TLS1;-
                          DH/SSL3,TLS1;-
-                         TLS1/TLSEXT;-
                          EC/GOST;-
                          DSA/GOST;-
                          DH/GOST;-
-                         TLSEXT/SRP,HEARTBEAT;-
                          /STATIC_ENGINE;-
                          /DEPRECATED;-
                          /EC_NISTP_64_GCC_128;-
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index ab138ec491fcbf126c3eda0cefcaf8ac39ab0aa3..6b39e25813860c2065ab381bc74c80b8c1fb2352 100644 (file)
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -265,7 +265,6 @@ CERT *ssl_cert_dup(CERT *cert)
                 goto err;
             }
         }
-        rpk->valid_flags = 0;
         if (cert->pkeys[i].serverinfo != NULL) {
             /* Just copy everything. */
             ret->pkeys[i].serverinfo =
Unnamed repository; edit this file 'description' to name the repository.