git.openssl.org Git - openssl.git/commit

author	Matt Caswell <matt@openssl.org>
	Wed, 10 May 2017 20:46:14 +0000 (16:46 -0400)
committer	Matt Caswell <matt@openssl.org>
	Tue, 30 Jan 2018 19:31:35 +0000 (19:31 +0000)
commit	6e127fdd1c7851eec4199cdec4ee0f8b748e7603
tree	7b57cba900bab7f6508ad0cb70081eea6a2545e5	tree \| snapshot
parent	12492580ffd561764111b5efbafde17125b91e92	commit \| diff

Add the SSL_OP_NO_RENEGOTIATION option to 1.1.0

This is based on a heavily modified version of commit db0f35dda by Todd
Short from the master branch.

We are adding this because it used to be possible to disable reneg using
the flag SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS in 1.0.2. This is no longer
possible because of the opacity work.

A point to note about this is that if an application built against new
1.1.0 headers (that know about the new option SSL_OP_NO_RENEGOTIATION
option) is run using an older version of 1.1.0 (that doesn't know about
the option) then the option will be accepted but nothing will happen, i.e.
renegotiation will not be prevented. There's probably not much we can do
about that.

Fixes #4739

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4901)

apps/apps.h		diff \| blob \| history
apps/s_server.c		diff \| blob \| history
doc/ssl/SSL_CONF_cmd.pod		diff \| blob \| history
doc/ssl/SSL_CTX_set_options.pod		diff \| blob \| history
include/openssl/ssl.h		diff \| blob \| history
ssl/record/rec_layer_d1.c		diff \| blob \| history
ssl/record/rec_layer_s3.c		diff \| blob \| history
ssl/ssl_conf.c		diff \| blob \| history
ssl/ssl_err.c		diff \| blob \| history
ssl/ssl_lib.c		diff \| blob \| history
ssl/statem/statem.c		diff \| blob \| history
ssl/t1_lib.c		diff \| blob \| history
test/handshake_helper.c		diff \| blob \| history
test/ssl-tests/17-renegotiate.conf		diff \| blob \| history
test/ssl-tests/17-renegotiate.conf.in		diff \| blob \| history