Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
OpenHarmony
Third Party Openssl
提交
22c98d4a
T
Third Party Openssl
项目概览
OpenHarmony
/
Third Party Openssl
8 个月 前同步成功
通知
8
Star
18
Fork
1
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
T
Third Party Openssl
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
前往新版Gitcode,体验更适合开发者的 AI 搜索 >>
提交
22c98d4a
编写于
4月 08, 2009
作者:
D
Dr. Stephen Henson
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Update from 1.0.0-stable
上级
cc7399e7
变更
4
隐藏空白更改
内联
并排
Showing
4 changed file
with
26 addition
and
2 deletion
+26
-2
CHANGES
CHANGES
+6
-0
crypto/x509v3/v3_alt.c
crypto/x509v3/v3_alt.c
+1
-0
ssl/s23_clnt.c
ssl/s23_clnt.c
+17
-0
ssl/ssl.h
ssl/ssl.h
+2
-2
未找到文件。
CHANGES
浏览文件 @
22c98d4a
...
...
@@ -4,6 +4,12 @@
Changes between 0.9.8k and 1.0 [xx XXX xxxx]
*) If no SSLv2 ciphers are used don't use an SSLv2 compatible client hello:
this allows the use of compression and extensions. Change default cipher
string to remove SSLv2 ciphersuites. This effectively avoids ancient SSLv2
by default unless an application cipher string requests it.
[Steve Henson]
*) Alter match criteria in PKCS12_parse(). It used to try to use local
key ids to find matching certificates and keys but some PKCS#12 files
don't follow the (somewhat unwritten) rules and this strategy fails.
...
...
crypto/x509v3/v3_alt.c
浏览文件 @
22c98d4a
...
...
@@ -366,6 +366,7 @@ static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p)
if
(
move_p
)
{
X509_NAME_delete_entry
(
nm
,
i
);
X509_NAME_ENTRY_free
(
ne
);
i
--
;
}
if
(
!
email
||
!
(
gen
=
GENERAL_NAME_new
()))
{
...
...
ssl/s23_clnt.c
浏览文件 @
22c98d4a
...
...
@@ -250,6 +250,20 @@ end:
return
(
ret
);
}
static
int
ssl23_no_ssl2_ciphers
(
SSL
*
s
)
{
SSL_CIPHER
*
cipher
;
STACK_OF
(
SSL_CIPHER
)
*
ciphers
;
int
i
;
ciphers
=
SSL_get_ciphers
(
s
);
for
(
i
=
0
;
i
<
sk_SSL_CIPHER_num
(
ciphers
);
i
++
)
{
cipher
=
sk_SSL_CIPHER_value
(
ciphers
,
i
);
if
(
cipher
->
algorithm_ssl
==
SSL_SSLV2
)
return
0
;
}
return
1
;
}
static
int
ssl23_client_hello
(
SSL
*
s
)
{
...
...
@@ -264,6 +278,9 @@ static int ssl23_client_hello(SSL *s)
ssl2_compat
=
(
s
->
options
&
SSL_OP_NO_SSLv2
)
?
0
:
1
;
if
(
ssl2_compat
&&
ssl23_no_ssl2_ciphers
(
s
))
ssl2_compat
=
0
;
if
(
!
(
s
->
options
&
SSL_OP_NO_TLSv1
))
{
version
=
TLS1_VERSION
;
...
...
ssl/ssl.h
浏览文件 @
22c98d4a
...
...
@@ -324,8 +324,8 @@ extern "C" {
/* The following cipher list is used by default.
* It also is substituted when an application-defined cipher list string
* starts with 'DEFAULT'. */
#define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL"
/* As of OpenSSL
0.9.9
, ssl_create_cipher_list() in ssl/ssl_ciph.c always
#define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL
:!SSlv2
"
/* As of OpenSSL
1.0.0
, ssl_create_cipher_list() in ssl/ssl_ciph.c always
* starts with a reasonable order, and all we have to do for DEFAULT is
* throwing out anonymous and unencrypted ciphersuites!
* (The latter are not actually enabled by ALL, but "ALL:RSA" would enable
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录