generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Remove TLS heartbeat, disable DTLS heartbeat

Browse Source 
To enable heartbeats for DTLS, configure with enable-heartbeats.
Heartbeats for TLS have been completely removed.

This addresses RT 3647

Reviewed-by: Richard Levitte <levitte@openssl.org>
This commit is contained in:
Rich Salz
2016-01-25 13:30:37 -05:00
committed by Rich Salz
parent f3f1cf8444
commit 22e3dcb780
17 changed files with 94 additions and 339 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
ssl/s3_lib.c
View File

@@ -3594,23 +3594,24 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
break;
#ifndef OPENSSL_NO_HEARTBEATS
case SSL_CTRL_TLS_EXT_SEND_HEARTBEAT:
case SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT:
if (SSL_IS_DTLS(s))
ret = dtls1_heartbeat(s);
else
ret = tls1_heartbeat(s);
break;
case SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING:
ret = s->tlsext_hb_pending;
case SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING:
if (SSL_IS_DTLS(s))
ret = s->tlsext_hb_pending;
break;
case SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS:
if (larg)
s->tlsext_heartbeat |= SSL_TLSEXT_HB_DONT_RECV_REQUESTS;
else
s->tlsext_heartbeat &= ~SSL_TLSEXT_HB_DONT_RECV_REQUESTS;
ret = 1;
case SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS:
if (SSL_IS_DTLS(s)) {
if (larg)
s->tlsext_heartbeat |= SSL_DTLSEXT_HB_DONT_RECV_REQUESTS;
else
s->tlsext_heartbeat &= ~SSL_DTLSEXT_HB_DONT_RECV_REQUESTS;
ret = 1;
}
break;
#endif