Add CHANGES entry for OPENSSL_NO_TLSEXT removal

Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-15 10:55:10 +01:00 · 2015-05-15 10:55:10 +01:00 · 2c55a0bc93
commit 2c55a0bc93
parent e481f9b90b
3 changed files with 5 additions and 4 deletions
--- a/5
+++ b/5
@ -3,6 +3,11 @@
 _______________

 Changes between 1.0.2 and 1.1.0  [xx XXX xxxx]
+  *) Given the pervasive nature of TLS extensions it is inadvisable to run
+     OpenSSL without support for them. It also means that maintaining
+     the OPENSSL_NO_TLSEXT option within the code is very invasive (and probably
+     not well tested). Therefore the OPENSSL_NO_TLSEXT option has been removed.
+     [Matt Caswell]

  *) Version negotiation has been rewritten. In particular SSLv23_method(),
     SSLv23_client_method() and SSLv23_server_method() have been deprecated,
--- a/makevms.com
+++ b/makevms.com
@ -304,7 +304,6 @@ $ CONFIG_LOGICALS := AES,-
 		     STATIC_ENGINE,-
 		     STDIO,-
 		     STORE,-
-		     TLSEXT,-
 		     UNIT_TEST,-
 		     WHIRLPOOL
 $ CONFIG_EXPERIMENTAL := JPAKE,-
@ -332,11 +331,9 @@ $ CONFIG_DISABLE_RULES := RIJNDAEL/AES;-
 			  SHA/SSL3,TLS1;-
 			  RSA,DSA/SSL3,TLS1;-
 			  DH/SSL3,TLS1;-
-			  TLS1/TLSEXT;-
 			  EC/GOST;-
 			  DSA/GOST;-
 			  DH/GOST;-
-			  TLSEXT/SRP,HEARTBEAT;-
 			  /STATIC_ENGINE;-
 			  /DEPRECATED;-
 			  /EC_NISTP_64_GCC_128;-
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@ -265,7 +265,6 @@ CERT *ssl_cert_dup(CERT *cert)
                goto err;
            }
        }
-        rpk->valid_flags = 0;
        if (cert->pkeys[i].serverinfo != NULL) {
            /* Just copy everything. */
            ret->pkeys[i].serverinfo =