Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/mono/boringssl.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/ssl/t1_lib.c
diff options
context:
space:
mode:
authorDavid Benjamin <davidben@chromium.org>2014-10-01 01:46:36 +0400
committerAdam Langley <agl@google.com>2014-10-01 02:59:23 +0400
commitef5c4946f3e89d4f0d97bf63e98b7d972c1b3cb3 (patch)
tree4199a2ea9ac86393a47d42daf2d98f2d591b673d /ssl/t1_lib.c
parent5b33a5e0dd7f1660a2f3f5569c7fb6e3675972db (diff)
Remove OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL.
We patch bugs into the runner implementation for testing, not our own. Change-Id: I0a8ac73eaeb70db131c01a0fd9c84f258589a884 Reviewed-on: https://boringssl-review.googlesource.com/1845 Reviewed-by: Adam Langley <agl@google.com>
Diffstat (limited to 'ssl/t1_lib.c')
-rw-r--r--ssl/t1_lib.c35
1 files changed, 0 insertions, 35 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 1741bdb7..5993ffd7 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -2672,32 +2672,6 @@ int tls1_process_sigalgs(SSL *s, const CBS *sigalgs)
tls1_set_shared_sigalgs(s);
-#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
- if (s->cert->cert_flags & SSL_CERT_FLAG_BROKEN_PROTOCOL)
- {
- /* Use first set signature preference to force message
- * digest, ignoring any peer preferences.
- */
- const unsigned char *sigs = NULL;
- if (s->server)
- sigs = c->conf_sigalgs;
- else
- sigs = c->client_sigalgs;
- if (sigs)
- {
- idx = tls12_get_pkey_idx(sigs[1]);
- md = tls12_get_hash(sigs[0]);
- c->pkeys[idx].digest = md;
- c->pkeys[idx].valid_flags = CERT_PKEY_EXPLICIT_SIGN;
- if (idx == SSL_PKEY_RSA_SIGN)
- {
- c->pkeys[SSL_PKEY_RSA_ENC].valid_flags = CERT_PKEY_EXPLICIT_SIGN;
- c->pkeys[SSL_PKEY_RSA_ENC].digest = md;
- }
- }
- }
-#endif
-
for (i = 0, sigptr = c->shared_sigalgs;
i < c->shared_sigalgslen; i++, sigptr++)
{
@@ -2960,15 +2934,6 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
/* If no cert or key, forget it */
if (!x || !pk)
goto end;
-#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
- /* Allow any certificate to pass test */
- if (s->cert->cert_flags & SSL_CERT_FLAG_BROKEN_PROTOCOL)
- {
- rv = CERT_PKEY_STRICT_FLAGS|CERT_PKEY_EXPLICIT_SIGN|CERT_PKEY_VALID|CERT_PKEY_SIGN;
- cpk->valid_flags = rv;
- return rv;
- }
-#endif
}
else
{
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-03 06:50:08 +0300