From 2c55a0bc93bf578757ec5c85bdb3abe9cf3f4893 Mon Sep 17 00:00:00 2001
From: Matt Caswell
Date: Fri, 15 May 2015 10:55:10 +0100
Subject: [PATCH] Add CHANGES entry for OPENSSL_NO_TLSEXT removal
Reviewed-by: Rich Salz
Reviewed-by: Richard Levitte
---
 CHANGES | 5 +++++
 makevms.com | 3 ---
 ssl/ssl_cert.c | 1 -
 3 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/CHANGES b/CHANGES
index 397ff2c6e1..e1e0721601 100644
--- a/CHANGES
+++ b/CHANGES
@@ -3,6 +3,11 @@ _______________ Changes between 1.0.2 and 1.1.0 [xx XXX xxxx] + *) Given the pervasive nature of TLS extensions it is inadvisable to run + OpenSSL without support for them. It also means that maintaining + the OPENSSL_NO_TLSEXT option within the code is very invasive (and probably + not well tested). Therefore the OPENSSL_NO_TLSEXT option has been removed. + [Matt Caswell] *) Version negotiation has been rewritten. In particular SSLv23_method(), SSLv23_client_method() and SSLv23_server_method() have been deprecated,
diff --git a/makevms.com b/makevms.com
index 37efdc8041..c1c3060b67 100755
--- a/makevms.com
+++ b/makevms.com
@@ -304,7 +304,6 @@ $ CONFIG_LOGICALS := AES,-
 STATIC_ENGINE,-
 STDIO,-
 STORE,-
- TLSEXT,-
 UNIT_TEST,-
 WHIRLPOOL
 $ CONFIG_EXPERIMENTAL := JPAKE,-
@@ -332,11 +331,9 @@ $ CONFIG_DISABLE_RULES := RIJNDAEL/AES;-
 SHA/SSL3,TLS1;-
 RSA,DSA/SSL3,TLS1;-
 DH/SSL3,TLS1;-
- TLS1/TLSEXT;-
 EC/GOST;-
 DSA/GOST;-
 DH/GOST;-
- TLSEXT/SRP,HEARTBEAT;-
 /STATIC_ENGINE;-
 /DEPRECATED;-
 /EC_NISTP_64_GCC_128;-
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index ab138ec491..6b39e25813 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -265,7 +265,6 @@ CERT *ssl_cert_dup(CERT *cert)
 goto err;
 }
 }
- rpk->valid_flags = 0;
 if (cert->pkeys[i].serverinfo != NULL) {
 /* Just copy everything. */
 ret->pkeys[i].serverinfo =
-- GitLab