generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add -no_resumption_on_reneg to SSL_CONF.

Browse Source 
(cherry picked from commit 1f44dac24d1cb752b1a06be9091bb03a88a8598e)
This commit is contained in:
Dr. Stephen Henson 2014-03-27 15:51:25 +00:00
parent e970f63dc0
commit f0ef019da2
3 changed files with 9 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
apps/s_server.c
View File

@ -1058,7 +1058,6 @@ int MAIN(int argc, char *argv[])
EVP_PKEY *s_key = NULL, *s_dkey = NULL; EVP_PKEY *s_key = NULL, *s_dkey = NULL;
int no_cache = 0, ext_cache = 0; int no_cache = 0, ext_cache = 0;
int rev = 0, naccept = -1; int rev = 0, naccept = -1;
int c_no_resumption_on_reneg = 0;
#ifndef OPENSSL_NO_TLSEXT #ifndef OPENSSL_NO_TLSEXT
EVP_PKEY *s_key2 = NULL; EVP_PKEY *s_key2 = NULL;
X509 *s_cert2 = NULL; X509 *s_cert2 = NULL;
@ -1183,10 +1182,6 @@ int MAIN(int argc, char *argv[])
c_auth = 1; c_auth = 1;
} }
#endif #endif
else if (strcmp(*argv, "-no_resumption_on_reneg") == 0)
{
c_no_resumption_on_reneg = 1;
}
else if (strcmp(*argv,"-auth_require_reneg") == 0) else if (strcmp(*argv,"-auth_require_reneg") == 0)
{ {
c_auth_require_reneg = 1; c_auth_require_reneg = 1;
@ -1963,8 +1958,6 @@ bad:
} }
#endif #endif
if (c_no_resumption_on_reneg)
SSL_CTX_set_options(ctx, SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
if (!set_cert_key_stuff(ctx, s_cert, s_key, s_chain, build_chain)) if (!set_cert_key_stuff(ctx, s_cert, s_key, s_chain, build_chain))
goto end; goto end;
#ifndef OPENSSL_NO_TLSEXT #ifndef OPENSSL_NO_TLSEXT

7
doc/ssl/SSL_CONF_cmd.pod
View File

@ -133,6 +133,10 @@ Use server and not client preference order when determining which cipher suite,
signature algorithm or elliptic curve to use for an incoming connection. signature algorithm or elliptic curve to use for an incoming connection.
Equivalent to B<SSL_OP_CIPHER_SERVER_PREFERENCE>. Only used by servers. Equivalent to B<SSL_OP_CIPHER_SERVER_PREFERENCE>. Only used by servers.
=item B<-no_resumption_on_reneg>
set SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION flag. Only used by servers.
=item B<-legacyrenegotiation> =item B<-legacyrenegotiation>
permits the use of unsafe legacy renegotiation. Equivalent to setting permits the use of unsafe legacy renegotiation. Equivalent to setting
@ -292,6 +296,9 @@ determining which cipher suite, signature algorithm or elliptic curve
to use for an incoming connection. Equivalent to to use for an incoming connection. Equivalent to
B<SSL_OP_CIPHER_SERVER_PREFERENCE>. Only used by servers. B<SSL_OP_CIPHER_SERVER_PREFERENCE>. Only used by servers.
B<NoResumptionOnRenegotiation> set
B<SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION> flag. Only used by servers.
B<UnsafeLegacyRenegotiation> permits the use of unsafe legacy renegotiation. B<UnsafeLegacyRenegotiation> permits the use of unsafe legacy renegotiation.
Equivalent to B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION>. Equivalent to B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION>.

2
ssl/ssl_conf.c
View File

@ -212,6 +212,7 @@ static int ctrl_str_option(SSL_CONF_CTX *cctx, const char *cmd)
SSL_FLAG_TBL_SRV("serverpref", SSL_OP_CIPHER_SERVER_PREFERENCE), SSL_FLAG_TBL_SRV("serverpref", SSL_OP_CIPHER_SERVER_PREFERENCE),
SSL_FLAG_TBL("legacy_renegotiation", SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION), SSL_FLAG_TBL("legacy_renegotiation", SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION),
SSL_FLAG_TBL_SRV("legacy_server_connect", SSL_OP_LEGACY_SERVER_CONNECT), SSL_FLAG_TBL_SRV("legacy_server_connect", SSL_OP_LEGACY_SERVER_CONNECT),
SSL_FLAG_TBL_SRV("no_resumption_on_reneg", SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION),
SSL_FLAG_TBL_SRV_INV("no_legacy_server_connect", SSL_OP_LEGACY_SERVER_CONNECT), SSL_FLAG_TBL_SRV_INV("no_legacy_server_connect", SSL_OP_LEGACY_SERVER_CONNECT),
SSL_FLAG_TBL_CERT("strict", SSL_CERT_FLAG_TLS_STRICT), SSL_FLAG_TBL_CERT("strict", SSL_CERT_FLAG_TLS_STRICT),
#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL #ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
@ -355,6 +356,7 @@ static int cmd_Options(SSL_CONF_CTX *cctx, const char *value)
SSL_FLAG_TBL("Bugs", SSL_OP_ALL), SSL_FLAG_TBL("Bugs", SSL_OP_ALL),
SSL_FLAG_TBL_INV("Compression", SSL_OP_NO_COMPRESSION), SSL_FLAG_TBL_INV("Compression", SSL_OP_NO_COMPRESSION),
SSL_FLAG_TBL_SRV("ServerPreference", SSL_OP_CIPHER_SERVER_PREFERENCE), SSL_FLAG_TBL_SRV("ServerPreference", SSL_OP_CIPHER_SERVER_PREFERENCE),
SSL_FLAG_TBL_SRV("NoResumptionOnRenegotiation", SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION),
SSL_FLAG_TBL_SRV("DHSingle", SSL_OP_SINGLE_DH_USE), SSL_FLAG_TBL_SRV("DHSingle", SSL_OP_SINGLE_DH_USE),
SSL_FLAG_TBL_SRV("ECDHSingle", SSL_OP_SINGLE_ECDH_USE), SSL_FLAG_TBL_SRV("ECDHSingle", SSL_OP_SINGLE_ECDH_USE),
SSL_FLAG_TBL("UnsafeLegacyRenegotiation", SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION), SSL_FLAG_TBL("UnsafeLegacyRenegotiation", SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION),