svn commit: r216046 - in stable/7/crypto/openssl: crypto/engine ssl
Simon L. Nielsen
simon at FreeBSD.org
Mon Nov 29 08:44:33 UTC 2010
Author: simon
Date: Mon Nov 29 08:44:32 2010
New Revision: 216046
URL: http://svn.freebsd.org/changeset/base/216046
Log:
Revert some FreeBSD specific changes (mainly made to fix various
security issues), and bring us back to using vendor versions of the
files.
This was already done on head and stable/8.
Modified:
stable/7/crypto/openssl/crypto/engine/eng_cryptodev.c
stable/7/crypto/openssl/ssl/s3_lib.c
stable/7/crypto/openssl/ssl/s3_pkt.c
stable/7/crypto/openssl/ssl/s3_srvr.c
Modified: stable/7/crypto/openssl/crypto/engine/eng_cryptodev.c
==============================================================================
--- stable/7/crypto/openssl/crypto/engine/eng_cryptodev.c Mon Nov 29 08:17:44 2010 (r216045)
+++ stable/7/crypto/openssl/crypto/engine/eng_cryptodev.c Mon Nov 29 08:44:32 2010 (r216046)
@@ -25,7 +25,6 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
-/* $FreeBSD$ */
#include <openssl/objects.h>
#include <openssl/engine.h>
Modified: stable/7/crypto/openssl/ssl/s3_lib.c
==============================================================================
--- stable/7/crypto/openssl/ssl/s3_lib.c Mon Nov 29 08:17:44 2010 (r216045)
+++ stable/7/crypto/openssl/ssl/s3_lib.c Mon Nov 29 08:44:32 2010 (r216046)
@@ -2607,9 +2607,6 @@ int ssl3_renegotiate(SSL *s)
if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
return(0);
- if (1)
- return(0);
-
s->s3->renegotiate=1;
return(1);
}
Modified: stable/7/crypto/openssl/ssl/s3_pkt.c
==============================================================================
--- stable/7/crypto/openssl/ssl/s3_pkt.c Mon Nov 29 08:17:44 2010 (r216045)
+++ stable/7/crypto/openssl/ssl/s3_pkt.c Mon Nov 29 08:44:32 2010 (r216046)
@@ -992,7 +992,9 @@ start:
if (s->msg_callback)
s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->s3->handshake_fragment, 4, s, s->msg_callback_arg);
- if (0)
+ if (SSL_is_init_finished(s) &&
+ !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
+ !s->s3->renegotiate)
{
ssl3_renegotiate(s);
if (ssl3_renegotiate_check(s))
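Review bot: With `if (0)` replaced by `if (SSL_is_init_finished(s) && !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) && !s->s3->renegotiate)`, this branch is gated only on handshake state and flags, so nothing visible in the hunk limits a peer-requested renegotiation any more. The second s3_pkt.c hunk (`((s->state&SSL_ST_MASK) == SSL_ST_OK) && ...`) has the same shape, and the s3_lib.c and s3_srvr.c hunks delete the other two local blocks (`if (1) return(0);` in ssl3_renegotiate and the `s->new_session` rejection in ssl3_get_client_hello). The log says the local changes were made to fix security issues, so presumably the vendor files in stable/7 now handle renegotiation safely themselves (for example through renegotiation-indication support, RFC 5746), but none of that code is visible in this diff and it should be confirmed against the imported OpenSSL version. I would record that in the log, along the lines of `Renegotiation is now controlled by the vendor's secure-renegotiation handling rather than the local hard disable.` The enclosing block starts before and continues past this hunk.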
@@ -1156,7 +1158,8 @@ start:
/* Unexpected handshake message (Client Hello, or protocol violation) */
if ((s->s3->handshake_fragment_len >= 4) && !s->in_handshake)
{
- if (0)
+ if (((s->state&SSL_ST_MASK) == SSL_ST_OK) &&
+ !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS))
{
#if 0 /* worked only because C operator preferences are not as expected (and
* because this is not really needed for clients except for detecting
Modified: stable/7/crypto/openssl/ssl/s3_srvr.c
==============================================================================
--- stable/7/crypto/openssl/ssl/s3_srvr.c Mon Nov 29 08:17:44 2010 (r216045)
+++ stable/7/crypto/openssl/ssl/s3_srvr.c Mon Nov 29 08:44:32 2010 (r216046)
@@ -738,13 +738,6 @@ int ssl3_get_client_hello(SSL *s)
#endif
STACK_OF(SSL_CIPHER) *ciphers=NULL;
- if (s->new_session)
- {
- al=SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
- goto f_err;
- }
-
/* We do this so that we will respond with our native type.
* If we are TLSv1 and we get SSLv3, we will respond with TLSv1,
* This down switching should be handled by a different method.