From 699224b048c6b25b43ae354caeada118ba6b4d23 Mon Sep 17 00:00:00 2001 From: tb Date: Fri, 29 Dec 2023 12:24:33 +0000 Subject: [PATCH] Neuter the SSL_set_debug(3) API The TLSv1.3 stack didn't support this in the first place, and in the legacy stack it only added some dubious BIO_flush(3) calls. The sleep call between SSL_read(3) and SSL_write(3) advertised in the comment next to the flag has been a sleep call in the s_server since time immemorial, nota bene between calls to BIO_gets(3). Anyway. This can all go and what remains will go with the next major bump. ok jsing --- lib/libssl/ssl_clnt.c | 7 +------ lib/libssl/ssl_lib.c | 6 ++---- lib/libssl/ssl_local.h | 5 +---- lib/libssl/ssl_srvr.c | 8 +------- 4 files changed, 5 insertions(+), 21 deletions(-) diff --git a/lib/libssl/ssl_clnt.c b/lib/libssl/ssl_clnt.c index 76ed10f8064..52f5de35a44 100644 --- a/lib/libssl/ssl_clnt.c +++ b/lib/libssl/ssl_clnt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_clnt.c,v 1.162 2023/11/19 15:50:29 tb Exp $ */ +/* $OpenBSD: ssl_clnt.c,v 1.163 2023/12/29 12:24:33 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -631,11 +631,6 @@ ssl3_connect(SSL *s) /* did we do anything */ if (!s->s3->hs.tls12.reuse_message && !skip) { - if (s->debug) { - if ((ret = BIO_flush(s->wbio)) <= 0) - goto end; - } - if (s->s3->hs.state != state) { new_state = s->s3->hs.state; s->s3->hs.state = state; diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c index ce14ce710a7..c97441c9c01 100644 --- a/lib/libssl/ssl_lib.c +++ b/lib/libssl/ssl_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_lib.c,v 1.317 2023/11/29 13:39:34 tb Exp $ */ +/* $OpenBSD: ssl_lib.c,v 1.318 2023/12/29 12:24:33 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -2933,8 +2933,6 @@ SSL_dup(SSL *s) SSL_set_info_callback(ret, SSL_get_info_callback(s)); - ret->debug = s->debug; - /* copy app data, a little dangerous perhaps */ if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data)) @@ -3488,7 +3486,7 @@ LSSL_ALIAS(SSL_set_msg_callback); void SSL_set_debug(SSL *s, int debug) { - s->debug = debug; + SSLerror(s, ERR_R_DISABLED); } LSSL_ALIAS(SSL_set_debug); diff --git a/lib/libssl/ssl_local.h b/lib/libssl/ssl_local.h index a2c2588c38b..bd6275fac7e 100644 --- a/lib/libssl/ssl_local.h +++ b/lib/libssl/ssl_local.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_local.h,v 1.11 2023/11/29 13:39:34 tb Exp $ */ +/* $OpenBSD: ssl_local.h,v 1.12 2023/12/29 12:24:33 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1074,9 +1074,6 @@ struct ssl_st { /* for server side, keep the list of CA_dn we can use */ STACK_OF(X509_NAME) *client_CA; - /* set this flag to 1 and a sleep(1) is put into all SSL_read() - * and SSL_write() calls, good for nbio debugging :-) */ - int debug; long max_cert_list; int first_packet; diff --git a/lib/libssl/ssl_srvr.c b/lib/libssl/ssl_srvr.c index a571549b647..f26fde50610 100644 --- a/lib/libssl/ssl_srvr.c +++ b/lib/libssl/ssl_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_srvr.c,v 1.157 2023/11/18 10:51:09 tb Exp $ */ +/* $OpenBSD: ssl_srvr.c,v 1.158 2023/12/29 12:24:33 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -740,12 +740,6 @@ ssl3_accept(SSL *s) } if (!s->s3->hs.tls12.reuse_message && !skip) { - if (s->debug) { - if ((ret = BIO_flush(s->wbio)) <= 0) - goto end; - } - - if (s->s3->hs.state != state) { new_state = s->s3->hs.state; s->s3->hs.state = state; -- 2.20.1