diff options
| author | Alex Chernyakhovsky <achernya@google.com> | 2014-07-05 08:53:11 +0400 |
|---|---|---|
| committer | Adam Langley <agl@google.com> | 2014-07-08 00:21:59 +0400 |
| commit | 9c890d4b70b3859efcd949be1476868a2a9ce0ff (patch) | |
| tree | dbed7a2b056ef0c656dc7785f6614b6211bf6cb9 | |
| parent | 3c5034e97ca6eb204f06b030c70fc6644bb217d4 (diff) | |
Remove SSL_OP_NETSCAPE_CA_DN_BUG
SSL_OP_NETSCAPE_CA_DN_BUG is not included in SSL_OP_ALL.
Change-Id: I1635ad2721ed2742b1dff189d68bfc67a1c840a6
Reviewed-on: https://boringssl-review.googlesource.com/1102
Reviewed-by: Adam Langley <agl@google.com>
| -rw-r--r-- | ssl/s3_clnt.c | 20 | ||||
| -rw-r--r-- | ssl/s3_srvr.c | 19 | ||||
| -rw-r--r-- | ssl/ssl.h | 1 |
3 files changed, 7 insertions, 33 deletions
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index d2e8b0e3..dfcc568f 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -1962,8 +1962,6 @@ fclose(out); n2s(p,l); if ((l+nc+2) > llen) { - if ((s->options & SSL_OP_NETSCAPE_CA_DN_BUG)) - goto cont; /* netscape bugs */ ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR); OPENSSL_PUT_ERROR(SSL, ssl3_get_certificate_request, SSL_R_CA_DN_TOO_LONG); goto err; @@ -1973,15 +1971,9 @@ fclose(out); if ((xn=d2i_X509_NAME(NULL,&q,l)) == NULL) { - /* If netscape tolerance is on, ignore errors */ - if (s->options & SSL_OP_NETSCAPE_CA_DN_BUG) - goto cont; - else - { - ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR); - OPENSSL_PUT_ERROR(SSL, ssl3_get_certificate_request, ERR_R_ASN1_LIB); - goto err; - } + ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR); + OPENSSL_PUT_ERROR(SSL, ssl3_get_certificate_request, ERR_R_ASN1_LIB); + goto err; } if (q != (p+l)) @@ -2000,12 +1992,6 @@ fclose(out); nc+=l+2; } - if (0) - { -cont: - ERR_clear_error(); - } - /* we should setup a certificate to return.... */ s->s3->tmp.cert_req=1; s->s3->tmp.ctype_num=ctype_num; diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index ccb37381..06088ec3 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -2022,21 +2022,10 @@ int ssl3_send_certificate_request(SSL *s) goto err; } p = ssl_handshake_start(s) + n; - if (!(s->options & SSL_OP_NETSCAPE_CA_DN_BUG)) - { - s2n(j,p); - i2d_X509_NAME(name,&p); - n+=2+j; - nl+=2+j; - } - else - { - d=p; - i2d_X509_NAME(name,&p); - j-=2; s2n(j,d); j+=2; - n+=j; - nl+=j; - } + s2n(j,p); + i2d_X509_NAME(name,&p); + n+=2+j; + nl+=2+j; } } /* else no CA names */ @@ -620,7 +620,6 @@ struct ssl_session_st #define SSL_OP_PKCS1_CHECK_1 0x0 #define SSL_OP_PKCS1_CHECK_2 0x0 -#define SSL_OP_NETSCAPE_CA_DN_BUG 0x20000000L #define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x40000000L /* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success |