Remove NETSCAPE_HANG_BUG.

It dates to 2000 from upstream and is only used when serving client auth to Netscape. It will also get in the way when we get to merging DTLS and TLS handshake functions because NETSCAPE_HANG_BUG is not valid for DTLS as it is (the handshake fragmentation code will get confused). Removing per comment on https://boringssl-review.googlesource.com/#/c/2602/ Change-Id: Ia2d086205bbfed002dc33b2203a47206f373b820 Reviewed-on: https://boringssl-review.googlesource.com/3214 Reviewed-by: Adam Langley <agl@google.com>
2015-01-31 03:37:58 -05:00 · 2015-01-31 03:37:58 -05:00 · 79ae85e4f7
commit 79ae85e4f7
parent e33b9b0a87
2 changed files with 0 additions and 34 deletions
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@ -368,12 +368,7 @@ int dtls1_accept(SSL *s) {
          if (ret <= 0) {
            goto end;
          }
-#ifndef NETSCAPE_HANG_BUG
          s->state = SSL3_ST_SW_SRVR_DONE_A;
-#else
-          s->state = SSL3_ST_SW_FLUSH;
-          s->s3->tmp.next_state = SSL3_ST_SR_CERT_A;
-#endif
          s->init_num = 0;
        }
        break;
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@ -146,8 +146,6 @@
 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
 * OTHERWISE. */

-#define NETSCAPE_HANG_BUG
-
 #include <assert.h>
 #include <stdio.h>
 #include <string.h>
@ -449,14 +447,7 @@ int ssl3_accept(SSL *s) {
          if (ret <= 0) {
            goto end;
          }
-#ifndef NETSCAPE_HANG_BUG
          s->state = SSL3_ST_SW_SRVR_DONE_A;
-#else
-          /* ServerHelloDone was already sent in the
-           * previous record. */
-          s->state = SSL3_ST_SW_FLUSH;
-          s->s3->tmp.next_state = SSL3_ST_SR_CERT_A;
-#endif
          s->init_num = 0;
        }
        break;
@ -1741,26 +1732,6 @@ int ssl3_send_certificate_request(SSL *s) {
    s2n(nl, p);

    ssl_set_handshake_header(s, SSL3_MT_CERTIFICATE_REQUEST, n);
-
-#ifdef NETSCAPE_HANG_BUG
-    if (!SSL_IS_DTLS(s)) {
-      /* Prepare a ServerHelloDone in the same record. This is to workaround a
-       * hang in Netscape. */
-      if (!BUF_MEM_grow_clean(buf, s->init_num + 4)) {
-        OPENSSL_PUT_ERROR(SSL, ssl3_send_certificate_request, ERR_R_BUF_LIB);
-        goto err;
-      }
-      p = (uint8_t *)s->init_buf->data + s->init_num;
-      /* do the header */
-      *(p++) = SSL3_MT_SERVER_DONE;
-      *(p++) = 0;
-      *(p++) = 0;
-      *(p++) = 0;
-      s->init_num += 4;
-      ssl3_finish_mac(s, p - 4, 4);
-    }
-#endif
-
    s->state = SSL3_ST_SW_CERT_REQ_B;
  }