static char *keymatexportlabel = NULL;
static int keymatexportlen = 20;
-static int hack = 0;
#ifndef OPENSSL_NO_ENGINE
static char *engine_id = NULL;
#endif
s_msg = 0;
s_quiet = 0;
s_brief = 0;
- hack = 0;
# ifndef OPENSSL_NO_ENGINE
engine_id = NULL;
# endif
BIO_printf(bio_err,
"-no_resume_ephemeral - Disable caching and tickets if ephemeral (EC)DH is used\n");
BIO_printf(bio_err, " -bugs - Turn on SSL bug compatibility\n");
- BIO_printf(bio_err,
- " -hack - workaround for early Netscape code\n");
BIO_printf(bio_err,
" -www - Respond to a 'GET /' with a status page\n");
BIO_printf(bio_err,
sdebug = 1;
} else if (strcmp(*argv, "-security_debug_verbose") == 0) {
sdebug = 2;
- } else if (strcmp(*argv, "-hack") == 0) {
- hack = 1;
} else if (strcmp(*argv, "-state") == 0) {
state = 1;
} else if (strcmp(*argv, "-crlf") == 0) {
BIO_printf(bio_err, "id_prefix '%s' set.\n", session_id_prefix);
}
SSL_CTX_set_quiet_shutdown(ctx, 1);
- if (hack)
- SSL_CTX_set_options(ctx, SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
if (exc)
ssl_ctx_set_excert(ctx, exc);
BIO_printf(bio_err, "id_prefix '%s' set.\n", session_id_prefix);
}
SSL_CTX_set_quiet_shutdown(ctx2, 1);
- if (hack)
- SSL_CTX_set_options(ctx2, SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
if (exc)
ssl_ctx_set_excert(ctx2, exc);
}
for (;;) {
- if (hack) {
- i = SSL_accept(con);
-#ifndef OPENSSL_NO_SRP
- while (i <= 0
- && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {
- BIO_printf(bio_s_out, "LOOKUP during accept %s\n",
- srp_callback_parm.login);
- srp_callback_parm.user =
- SRP_VBASE_get_by_user(srp_callback_parm.vb,
- srp_callback_parm.login);
- if (srp_callback_parm.user)
- BIO_printf(bio_s_out, "LOOKUP done %s\n",
- srp_callback_parm.user->info);
- else
- BIO_printf(bio_s_out, "LOOKUP not successful\n");
- i = SSL_accept(con);
- }
-#endif
- switch (SSL_get_error(con, i)) {
- case SSL_ERROR_NONE:
- break;
- case SSL_ERROR_WANT_WRITE:
- case SSL_ERROR_WANT_READ:
- case SSL_ERROR_WANT_X509_LOOKUP:
- continue;
- case SSL_ERROR_SYSCALL:
- case SSL_ERROR_SSL:
- case SSL_ERROR_ZERO_RETURN:
- ret = 1;
- goto err;
- /* break; */
- }
-
- SSL_renegotiate(con);
- SSL_write(con, NULL, 0);
- }
-
i = BIO_gets(io, buf, bufsize - 1);
if (i < 0) { /* error */
if (!BIO_should_retry(io)) {
* OTHERWISE.
*/
-#define REUSE_CIPHER_BUG
#define NETSCAPE_HANG_BUG
#include <stdio.h>
s->tlsext_ticket_expected = 0;
} else {
/* Session-id reuse */
-#ifdef REUSE_CIPHER_BUG
- STACK_OF(SSL_CIPHER) *sk;
- SSL_CIPHER *nc = NULL;
- SSL_CIPHER *ec = NULL;
-
- if (s->options & SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG) {
- sk = s->session->ciphers;
- for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
- c = sk_SSL_CIPHER_value(sk, i);
- if (c->algorithm_enc & SSL_eNULL)
- nc = c;
- if (SSL_C_IS_EXPORT(c))
- ec = c;
- }
- if (nc != NULL)
- s->s3->tmp.new_cipher = nc;
- else if (ec != NULL)
- s->s3->tmp.new_cipher = ec;
- else
- s->s3->tmp.new_cipher = s->session->cipher;
- } else
-#endif
- s->s3->tmp.new_cipher = s->session->cipher;
+ s->s3->tmp.new_cipher = s->session->cipher;
}
if (!SSL_USE_SIGALGS(s) || !(s->verify_mode & SSL_VERIFY_PEER)) {
projects / oweals / openssl.git / commitdiff