-/* $OpenBSD: d1_srvr.c,v 1.52 2015/06/13 08:38:10 doug Exp $ */
+/* $OpenBSD: d1_srvr.c,v 1.53 2015/06/15 05:32:58 doug Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
goto err;
}
p = (unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH + n]);
- if (!(s->options & SSL_OP_NETSCAPE_CA_DN_BUG)) {
- s2n(j, p);
- i2d_X509_NAME(name, &p);
- n += 2 + j;
- nl += 2 + j;
- } else {
- d = p;
- i2d_X509_NAME(name, &p);
- j -= 2;
- s2n(j, d);
- j += 2;
- n += j;
- nl += j;
- }
+ s2n(j, p);
+ i2d_X509_NAME(name, &p);
+ n += 2 + j;
+ nl += 2 + j;
}
}
/* else no CA names */
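Review bot: The return value of `i2d_X509_NAME(name, &p)` is discarded on the new side, while `j`, which is computed before the hunk, is what gets written as the two-byte length by `s2n(j, p)` and added to `n` and `nl`. If the earlier sizing call returned a negative value, or `j` exceeds what `s2n` can represent, the length prefix and the running offsets would not match the bytes actually encoded. Whether `j` is validated before this point cannot be seen from here, since the loop and the function start outside the hunk. A cheap guard would be `if (i2d_X509_NAME(name, &p) != j) goto err;`, preceded by a `j < 0 || j > 0xffff` check where `j` is first computed. The same four lines appear in the s3_srvr.c hunk and in the repeated copies of both hunks further down the page.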
.\"
-.\" $OpenBSD: SSL_CTX_set_options.3,v 1.5 2015/06/15 05:16:56 doug Exp $
+.\" $OpenBSD: SSL_CTX_set_options.3,v 1.6 2015/06/15 05:32:58 doug Exp $
.\"
.Dd $Mdocdate: June 15 2015 $
.Dt SSL_CTX_SET_OPTIONS 3
Because of the different protocol, for SSLv2 the server will send its list of
preferences to the client and the client chooses.
.It Dv SSL_OP_NETSCAPE_CA_DN_BUG
-If we accept a netscape connection, demand a client cert, have a
-non-self-signed CA which does not have its CA in netscape, and the browser has
-a cert, it will crash/hang.
-Works for 3.x and 4.xbeta
+As of
+.Ox 5.8 ,
+this option has no effect.
.It Dv SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
As of
.Ox 5.8 ,
-/* $OpenBSD: s3_clnt.c,v 1.111 2015/03/31 13:17:48 jsing Exp $ */
+/* $OpenBSD: s3_clnt.c,v 1.112 2015/06/15 05:32:58 doug Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
}
n2s(p, l);
if ((l + nc + 2) > llen) {
- if ((s->options & SSL_OP_NETSCAPE_CA_DN_BUG))
- goto cont; /* netscape bugs */
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
SSL_R_CA_DN_TOO_LONG);
q = p;
if ((xn = d2i_X509_NAME(NULL, &q, l)) == NULL) {
- /* If netscape tolerance is on, ignore errors */
- if (s->options & SSL_OP_NETSCAPE_CA_DN_BUG)
- goto cont;
- else {
- ssl3_send_alert(s, SSL3_AL_FATAL,
- SSL_AD_DECODE_ERROR);
- SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
- ERR_R_ASN1_LIB);
- goto err;
- }
+ ssl3_send_alert(s, SSL3_AL_FATAL,
+ SSL_AD_DECODE_ERROR);
+ SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
+ ERR_R_ASN1_LIB);
+ goto err;
}
if (q != (p + l)) {
nc += l + 2;
}
- if (0) {
-cont:
- ERR_clear_error();
- }
-
/* we should setup a certificate to return.... */
s->s3->tmp.cert_req = 1;
s->s3->tmp.ctype_num = ctype_num;
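Review bot: Nothing on the new side records that an oversized or undecodable CA DN in the server's CertificateRequest is now fatal regardless of `SSL_OP_NETSCAPE_CA_DN_BUG`, which the manual page in this commit still lists as a settable option with no effect. A one-line comment above the `d2i_X509_NAME` check would keep the tolerance from being reintroduced, for example `/* A malformed CA DN is always fatal; SSL_OP_NETSCAPE_CA_DN_BUG is ignored. */`. As a style point, the `ssl3_send_alert(s, SSL3_AL_FATAL,` / `SSL_AD_DECODE_ERROR);` pair left the `else` block and appears to fit on one line now, matching the identical call in the length check just above. The function body starts and ends outside the hunk, and the same section is repeated further down the page.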
-/* $OpenBSD: s3_srvr.c,v 1.105 2015/06/15 05:16:56 doug Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.106 2015/06/15 05:32:58 doug Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
goto err;
}
p = (unsigned char *)&(buf->data[4 + n]);
- if (!(s->options & SSL_OP_NETSCAPE_CA_DN_BUG)) {
- s2n(j, p);
- i2d_X509_NAME(name, &p);
- n += 2 + j;
- nl += 2 + j;
- } else {
- d = p;
- i2d_X509_NAME(name, &p);
- j -= 2;
- s2n(j, d);
- j += 2;
- n += j;
- nl += j;
- }
+ s2n(j, p);
+ i2d_X509_NAME(name, &p);
+ n += 2 + j;
+ nl += 2 + j;
}
}
/* else no CA names */
.\"
-.\" $OpenBSD: SSL_CTX_set_options.3,v 1.5 2015/06/15 05:16:56 doug Exp $
+.\" $OpenBSD: SSL_CTX_set_options.3,v 1.6 2015/06/15 05:32:58 doug Exp $
.\"
.Dd $Mdocdate: June 15 2015 $
.Dt SSL_CTX_SET_OPTIONS 3
Because of the different protocol, for SSLv2 the server will send its list of
preferences to the client and the client chooses.
.It Dv SSL_OP_NETSCAPE_CA_DN_BUG
-If we accept a netscape connection, demand a client cert, have a
-non-self-signed CA which does not have its CA in netscape, and the browser has
-a cert, it will crash/hang.
-Works for 3.x and 4.xbeta
+As of
+.Ox 5.8 ,
+this option has no effect.
.It Dv SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
As of
.Ox 5.8 ,
-/* $OpenBSD: d1_srvr.c,v 1.52 2015/06/13 08:38:10 doug Exp $ */
+/* $OpenBSD: d1_srvr.c,v 1.53 2015/06/15 05:32:58 doug Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
goto err;
}
p = (unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH + n]);
- if (!(s->options & SSL_OP_NETSCAPE_CA_DN_BUG)) {
- s2n(j, p);
- i2d_X509_NAME(name, &p);
- n += 2 + j;
- nl += 2 + j;
- } else {
- d = p;
- i2d_X509_NAME(name, &p);
- j -= 2;
- s2n(j, d);
- j += 2;
- n += j;
- nl += j;
- }
+ s2n(j, p);
+ i2d_X509_NAME(name, &p);
+ n += 2 + j;
+ nl += 2 + j;
}
}
/* else no CA names */
-/* $OpenBSD: s3_clnt.c,v 1.111 2015/03/31 13:17:48 jsing Exp $ */
+/* $OpenBSD: s3_clnt.c,v 1.112 2015/06/15 05:32:58 doug Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
}
n2s(p, l);
if ((l + nc + 2) > llen) {
- if ((s->options & SSL_OP_NETSCAPE_CA_DN_BUG))
- goto cont; /* netscape bugs */
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
SSL_R_CA_DN_TOO_LONG);
q = p;
if ((xn = d2i_X509_NAME(NULL, &q, l)) == NULL) {
- /* If netscape tolerance is on, ignore errors */
- if (s->options & SSL_OP_NETSCAPE_CA_DN_BUG)
- goto cont;
- else {
- ssl3_send_alert(s, SSL3_AL_FATAL,
- SSL_AD_DECODE_ERROR);
- SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
- ERR_R_ASN1_LIB);
- goto err;
- }
+ ssl3_send_alert(s, SSL3_AL_FATAL,
+ SSL_AD_DECODE_ERROR);
+ SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
+ ERR_R_ASN1_LIB);
+ goto err;
}
if (q != (p + l)) {
nc += l + 2;
}
- if (0) {
-cont:
- ERR_clear_error();
- }
-
/* we should setup a certificate to return.... */
s->s3->tmp.cert_req = 1;
s->s3->tmp.ctype_num = ctype_num;
-/* $OpenBSD: s3_srvr.c,v 1.105 2015/06/15 05:16:56 doug Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.106 2015/06/15 05:32:58 doug Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
goto err;
}
p = (unsigned char *)&(buf->data[4 + n]);
- if (!(s->options & SSL_OP_NETSCAPE_CA_DN_BUG)) {
- s2n(j, p);
- i2d_X509_NAME(name, &p);
- n += 2 + j;
- nl += 2 + j;
- } else {
- d = p;
- i2d_X509_NAME(name, &p);
- j -= 2;
- s2n(j, d);
- j += 2;
- n += j;
- nl += j;
- }
+ s2n(j, p);
+ i2d_X509_NAME(name, &p);
+ n += 2 + j;
+ nl += 2 + j;
}
}
/* else no CA names */