提交
ef51b4b9
编写于
12月 16, 2009
作者:
Dr. Stephen Henson
New option to enable/disable connection to unpatched servers
上级
c27c9cb4
变更
6
Showing
6 changed file
with
24 addition
and
3 deletion
+24
-3
CHANGES
CHANGES
+5
-0
apps/s_client.c
apps/s_client.c
+8
-1
ssl/ssl.h
ssl/ssl.h
+2
-0
ssl/ssl3.h
ssl/ssl3.h
+2
-0
ssl/ssl_lib.c
ssl/ssl_lib.c
+4
-0
ssl/t1_lib.c
ssl/t1_lib.c
+3
-2
CHANGES
...
...
@@ -863,6 +863,11 @@
Changes between 0.9.8l (?) and 0.9.8m (?) [xx XXX xxxx]
*) Add option SSL_OP_LEGACY_SERVER_CONNECT which will allow clients to
connect (but not renegotiate) with servers which do not support RI.
Until RI is more widely deployed this option is enabled by default.
[Steve Henson]
*) Add "missing" ssl ctrls to clear options and mode.
[Steve Henson]
...
...
apps/s_client.c
...
...
@@ -383,7 +383,7 @@ int MAIN(int, char **);
int
MAIN
(
int
argc
,
char
**
argv
)
{
int
off
=
0
;
unsigned
int
off
=
0
,
clr
=
0
;
SSL
*
con
=
NULL
;
int
s
,
k
,
width
,
state
=
0
;
char
*
cbuf
=
NULL
,
*
sbuf
=
NULL
,
*
mbuf
=
NULL
;
...
...
@@ -666,6 +666,10 @@ int MAIN(int argc, char **argv)
off
|=
SSL_OP_CIPHER_SERVER_PREFERENCE
;
else
if
(
strcmp
(
*
argv
,
"-legacy_renegotiation"
)
==
0
)
off
|=
SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
;
else
if
(
strcmp
(
*
argv
,
"-legacy_server_connect"
)
==
0
)
{
off
|=
SSL_OP_LEGACY_SERVER_CONNECT
;
}
else
if
(
strcmp
(
*
argv
,
"-no_legacy_server_connect"
)
==
0
)
{
clr
|=
SSL_OP_LEGACY_SERVER_CONNECT
;
}
else
if
(
strcmp
(
*
argv
,
"-cipher"
)
==
0
)
{
if
(
--
argc
<
1
)
goto
bad
;
...
...
@@ -876,6 +880,9 @@ bad:
SSL_CTX_set_options
(
ctx
,
SSL_OP_ALL
|
off
);
else
SSL_CTX_set_options
(
ctx
,
off
);
if
(
clr
)
SSL_CTX_clear_options
(
ctx
,
clr
);
/* DTLS: partial reads end up discarding unread UDP bytes :-(
* Setting read ahead solves this problem.
*/
...
...
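Review bot: The two new switches `-legacy_server_connect` and `-no_legacy_server_connect` are parsed in the second hunk, but none of this file's eight added lines touches the usage text, so the help output will presumably not list them; the usage routine is outside the hunks shown, so confirm there. Since SSL_CTX_new now sets SSL_OP_LEGACY_SERVER_CONNECT by default (ssl/ssl_lib.c in this commit), `-legacy_server_connect` changes nothing, and `-no_legacy_server_connect` is the switch an operator needs when checking that a server supports RI. A usage line such as `BIO_printf(bio_err," -no_legacy_server_connect - refuse servers that do not support secure renegotiation\n");` would make it discoverable. MAIN begins and ends outside these hunks.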
ssl/ssl.h
...
...
@@ -518,6 +518,8 @@ typedef struct ssl_session_st
#define SSL_OP_MICROSOFT_SESS_ID_BUG 0x00000001L
#define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x00000002L
/* Allow initial connection to servers that don't support RI */
#define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L
#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L
#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L
#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L
...
...
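Review bot: The one-line comment on `SSL_OP_LEGACY_SERVER_CONNECT` does not say that the flag is set by default on every new SSL_CTX (ssl/ssl_lib.c in this commit), nor that clearing it is how a client refuses servers without RI. I would expand it to something like `/* Allow initial connection to servers that don't support RI. Set by default in SSL_CTX_new(); clear it to reject such servers. */`. It is also worth checking whether the SSL_OP_ALL mask, defined outside this hunk, covers bit 0x00000004L. If it does, a caller that sets SSL_OP_ALL after clearing this option would turn it back on.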
ssl/ssl3.h
...
...
@@ -129,7 +129,9 @@ extern "C" {
#endif
/* Magic Cipher Suite Value. NB: bogus value used for testing */
#ifndef SSL3_CK_MCSV
#define SSL3_CK_MCSV 0x03000FEC
#endif
#define SSL3_CK_RSA_NULL_MD5 0x03000001
#define SSL3_CK_RSA_NULL_SHA 0x03000002
...
...
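Review bot: The new `#ifndef SSL3_CK_MCSV` guard lets a build-time definition replace the signalling cipher suite value, while the existing comment only says the value is bogus and used for testing. If the guard is there so test builds can pick a different provisional value, say so next to it, for example `/* May be overridden at build time for interop testing until a final value is assigned */`. Without that, a reader cannot tell whether overriding a value that goes on the wire is supported or accidental.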
ssl/ssl_lib.c
...
...
@@ -1677,6 +1677,10 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
}
#endif
#endif
/* Default is to connect to non-RI servers. When RI is more widely
* deployed might change this.
*/
ret
->
options
=
SSL_OP_LEGACY_SERVER_CONNECT
;
return
(
ret
);
err:
...
...
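Review bot: `ret->options = SSL_OP_LEGACY_SERVER_CONNECT;` assigns rather than ORs, so any option bit set on `ret` earlier in SSL_CTX_new would be discarded here, just before `return(ret)`; the body above the hunk is not visible, so that depends on the field still being zero at this point. `ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;` keeps the default without relying on that. The comment could also state the consequence of the default: clients accept servers without RI unless the application clears this bit.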
ssl/t1_lib.c
...
...
@@ -1157,8 +1157,9 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
* which doesn't support RI so for the immediate future tolerate RI
* absence on initial connect only.
*/
if
(
!
renegotiate_seen
&&
s
->
new_session
&&
!
(
s
->
options
&
SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
))
if
(
!
renegotiate_seen
&&
(
s
->
new_session
||
!
(
s
->
options
&
SSL_OP_LEGACY_SERVER_CONNECT
))
&&
!
(
s
->
options
&
SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
))
{
/* FIXME: Spec currently doesn't give alert to use */
*
al
=
SSL_AD_ILLEGAL_PARAMETER
;
...
...
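Review bot: The comment kept above the rewritten condition still says RI absence is tolerated "on initial connect only", but the new test makes that depend on `SSL_OP_LEGACY_SERVER_CONNECT`. The last conjunct also means `SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION` skips the check entirely, even for a client that cleared `SSL_OP_LEGACY_SERVER_CONNECT`. If that precedence is intended, document it beside the condition, for example `/* RI absent: reject when s->new_session is set, or on initial connect if SSL_OP_LEGACY_SERVER_CONNECT is cleared; SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION disables both checks */`. The start of the comment and the rest of ssl_parse_serverhello_tlsext are outside the hunk.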