kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Remove SSL_OP_NETSCAPE_CA_DN_BUG

Browse Source 
SSL_OP_NETSCAPE_CA_DN_BUG is not included in SSL_OP_ALL.

Change-Id: I1635ad2721ed2742b1dff189d68bfc67a1c840a6
Reviewed-on: https://boringssl-review.googlesource.com/1102
Reviewed-by: Adam Langley <agl@google.com>
This commit is contained in:
Alex Chernyakhovsky 2014-07-05 00:53:11 -04:00 committed by Adam Langley
parent 3c5034e97c
commit 9c890d4b70
3 changed files with 7 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
ssl/s3_clnt.c
View File

@ -1962,8 +1962,6 @@ fclose(out);
n2s(p,l); n2s(p,l);
if ((l+nc+2) > llen) if ((l+nc+2) > llen)
{ {
if ((s->options & SSL_OP_NETSCAPE_CA_DN_BUG))
goto cont; /* netscape bugs */
ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR); ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
OPENSSL_PUT_ERROR(SSL, ssl3_get_certificate_request, SSL_R_CA_DN_TOO_LONG); OPENSSL_PUT_ERROR(SSL, ssl3_get_certificate_request, SSL_R_CA_DN_TOO_LONG);
goto err; goto err;
@ -1973,15 +1971,9 @@ fclose(out);
if ((xn=d2i_X509_NAME(NULL,&q,l)) == NULL) if ((xn=d2i_X509_NAME(NULL,&q,l)) == NULL)
{ {
/* If netscape tolerance is on, ignore errors */ ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
if (s->options & SSL_OP_NETSCAPE_CA_DN_BUG) OPENSSL_PUT_ERROR(SSL, ssl3_get_certificate_request, ERR_R_ASN1_LIB);
goto cont; goto err;
else
{
ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
OPENSSL_PUT_ERROR(SSL, ssl3_get_certificate_request, ERR_R_ASN1_LIB);
goto err;
}
} }
if (q != (p+l)) if (q != (p+l))
@ -2000,12 +1992,6 @@ fclose(out);
nc+=l+2; nc+=l+2;
} }
if (0)
{
cont:
ERR_clear_error();
}
/* we should setup a certificate to return.... */ /* we should setup a certificate to return.... */
s->s3->tmp.cert_req=1; s->s3->tmp.cert_req=1;
s->s3->tmp.ctype_num=ctype_num; s->s3->tmp.ctype_num=ctype_num;

19
ssl/s3_srvr.c
View File

@ -2022,21 +2022,10 @@ int ssl3_send_certificate_request(SSL *s)
goto err; goto err;
} }
p = ssl_handshake_start(s) + n; p = ssl_handshake_start(s) + n;
if (!(s->options & SSL_OP_NETSCAPE_CA_DN_BUG)) s2n(j,p);
{ i2d_X509_NAME(name,&p);
s2n(j,p); n+=2+j;
i2d_X509_NAME(name,&p); nl+=2+j;
n+=2+j;
nl+=2+j;
}
else
{
d=p;
i2d_X509_NAME(name,&p);
j-=2; s2n(j,d); j+=2;
n+=j;
nl+=j;
}
} }
} }
/* else no CA names */ /* else no CA names */

1
ssl/ssl.h
View File

@ -620,7 +620,6 @@ struct ssl_session_st
#define SSL_OP_PKCS1_CHECK_1 0x0 #define SSL_OP_PKCS1_CHECK_1 0x0
#define SSL_OP_PKCS1_CHECK_2 0x0 #define SSL_OP_PKCS1_CHECK_2 0x0
#define SSL_OP_NETSCAPE_CA_DN_BUG 0x20000000L
#define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x40000000L #define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x40000000L
/* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success /* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success