PR: 2171
authorDr. Stephen Henson <steve@openssl.org>
Tue, 16 Feb 2010 14:19:42 +0000 (14:19 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Tue, 16 Feb 2010 14:19:42 +0000 (14:19 +0000)
Submitted by: Tomas Mraz <tmraz@redhat.com>

Since SSLv2 doesn't support renegotiation at all, don't reject it when
legacy renegotiation isn't enabled.

Also can now use SSL2 compatible client hello because RFC5746 supports it.

ssl/s23_clnt.c
ssl/s23_srvr.c

index 70425997dff43723f32247e15beab5e9fe85b8c4..de0238935a2f93bbaff8a4431cced9b805993a7e 100644 (file)
@@ -235,8 +235,6 @@ static int ssl23_client_hello(SSL *s)
                        ssl2_compat = 0;
                if (s->tlsext_status_type != -1)
                        ssl2_compat = 0;
-               if (!(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
-                       ssl2_compat = 0;
                }
 #endif
 
index a3fc34d64a31de95a486a9964f64a30091f6eed7..be05911e96a24ed5b5cac3429a8d17cc5df37641 100644 (file)
@@ -493,11 +493,6 @@ int ssl23_get_client_hello(SSL *s)
                SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
                goto err;
 #else
-               if (!(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
-                       {
-                       SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
-                       goto err;
-                       }
                /* we are talking sslv2 */
                /* we need to clean up the SSLv3/TLSv1 setup and put in the
                 * sslv2 stuff. */