From: Dr. Stephen Henson <steve@openssl.org>
Date: Fri, 11 Dec 2009 00:22:12 +0000 (+0000)
Subject: Move SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION out of SSL_OP_ALL
X-Git-Tag: OpenSSL_0_9_8m-beta1~33
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=ef4bd0167c16fd10da1cf102f3d85fd68691683f;p=oweals%2Fopenssl.git

Move SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION out of SSL_OP_ALL
---

diff --git a/ssl/ssl.h b/ssl/ssl.h
index 9cf70487d9..5f8bc538b7 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -492,7 +492,6 @@ typedef struct ssl_session_st
 #define SSL_OP_SSLEAY_080_CLIENT_DH_BUG			0x00000080L
 #define SSL_OP_TLS_D5_BUG				0x00000100L
 #define SSL_OP_TLS_BLOCK_PADDING_BUG			0x00000200L
-#define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION	0x00000400L
 
 /* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added
  * in OpenSSL 0.9.6d.  Usually (depending on the application protocol)
@@ -516,6 +515,8 @@ typedef struct ssl_session_st
 
 /* As server, disallow session resumption on renegotiation */
 #define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION	0x00010000L
+/* Permit unsafe legacy renegotiation */
+#define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION	0x00040000L
 /* If set, always create a new key when using tmp_ecdh parameters */
 #define SSL_OP_SINGLE_ECDH_USE				0x00080000L
 /* If set, always create a new key when using tmp_dh parameters */