author | Rich Salz <rsalz@akamai.com> | 2016-01-25 13:30:37 -0500 |
---|---|---|
committer | Rich Salz <rsalz@openssl.org> | 2016-02-11 12:57:26 -0500 |
commit | 22e3dcb7808bb06cd18c3231e34a5930e796cc48 (patch) | |
tree | f4143956f14f3eb5bd225021b8f09ad66554e025 /include | |
parent | f3f1cf8444f439c0be9de04bf3821a20d00fd956 (diff) | |
Remove TLS heartbeat, disable DTLS heartbeat
To enable heartbeats for DTLS, configure with enable-heartbeats.
Heartbeats for TLS have been completely removed.
This addresses RT 3647
Reviewed-by: Richard Levitte <levitte@openssl.org>
Diffstat (limited to 'include')
-rw-r--r-- | include/openssl/ssl.h | 10 | ||||
-rw-r--r-- | include/openssl/ssl3.h | 2 | ||||
-rw-r--r-- | include/openssl/tls1.h | 34 |
3 files changed, 31 insertions, 15 deletions
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index c4b9826ccb..d51c2d4840 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -601,7 +601,7 @@ unsigned long SSL_set_options(SSL *s, unsigned long op);
 # ifndef OPENSSL_NO_HEARTBEATS
 # define SSL_heartbeat(ssl) \
- SSL_ctrl((ssl),SSL_CTRL_TLS_EXT_SEND_HEARTBEAT,0,NULL)
+ SSL_ctrl((ssl),SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT,0,NULL)
 # endif
 # define SSL_CTX_set_cert_flags(ctx,op) \
@@ -1177,9 +1177,9 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 # define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH 80
 # define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD 81
 # ifndef OPENSSL_NO_HEARTBEATS
-# define SSL_CTRL_TLS_EXT_SEND_HEARTBEAT 85
-# define SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING 86
-# define SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS 87
+# define SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT 85
+# define SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING 86
+# define SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS 87
 # endif
 # define DTLS_CTRL_GET_TIMEOUT 73
 # define DTLS_CTRL_HANDLE_TIMEOUT 74
@@ -2125,11 +2125,9 @@ void ERR_load_SSL_strings(void);
 # define SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT 274
 # define SSL_F_TLS1_EXPORT_KEYING_MATERIAL 314
 # define SSL_F_TLS1_GET_CURVELIST 338
-# define SSL_F_TLS1_HEARTBEAT 315
 # define SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT 275
 # define SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT 276
 # define SSL_F_TLS1_PRF 284
-# define SSL_F_TLS1_PROCESS_HEARTBEAT 341
 # define SSL_F_TLS1_SETUP_KEY_BLOCK 211
 # define SSL_F_TLS1_SET_SERVER_SIGALGS 335
 # define SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK 354
diff --git a/include/openssl/ssl3.h b/include/openssl/ssl3.h
index 325fa94191..ecbe24715d 100644
--- a/include/openssl/ssl3.h
+++ b/include/openssl/ssl3.h
@@ -306,7 +306,7 @@ extern "C" {
 # define SSL3_RT_ALERT 21
 # define SSL3_RT_HANDSHAKE 22
 # define SSL3_RT_APPLICATION_DATA 23
-# define TLS1_RT_HEARTBEAT 24
+# define DTLS1_RT_HEARTBEAT 24
 /* Pseudo content types to indicate additional parameters */
 # define TLS1_RT_CRYPTO 0x1000
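Review bot: `SSL_heartbeat(ssl)` in the first ssl.h hunk keeps its protocol-neutral name although it now expands to `SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT`, so nothing at the definition tells a caller that the macro is only meaningful on a DTLS connection. A one-line comment above the macro would make that visible, for example `/* DTLS only: TLS heartbeat support has been removed. */`. What the ctrl returns when it is issued on a TLS connection is decided outside `include/` and is not visible in this diff, so that behaviour should be confirmed and documented alongside the macro.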
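Review bot: `TLS1_RT_HEARTBEAT` is renamed to `DTLS1_RT_HEARTBEAT` in the ssl3.h hunk without a compatibility alias, whereas the other renamed heartbeat macros keep their old spelling under `OPENSSL_API_COMPAT < 0x10100000L` in the tls1.h hunk. Code that matches record content type 24 by the old name, such as a message callback used to log or monitor heartbeat traffic, will stop compiling. If that break is not intended, add `# define TLS1_RT_HEARTBEAT DTLS1_RT_HEARTBEAT` under the same `OPENSSL_API_COMPAT` guard. This page shows only the `include/` part of the commit, so an alias defined elsewhere cannot be ruled out.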
diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
index bf21b8e966..0f0d4a3713 100644
--- a/include/openssl/tls1.h
+++ b/include/openssl/tls1.h
@@ -391,14 +391,32 @@ SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg)
 SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 # ifndef OPENSSL_NO_HEARTBEATS
-# define SSL_TLSEXT_HB_ENABLED 0x01
-# define SSL_TLSEXT_HB_DONT_SEND_REQUESTS 0x02
-# define SSL_TLSEXT_HB_DONT_RECV_REQUESTS 0x04
-
-# define SSL_get_tlsext_heartbeat_pending(ssl) \
- SSL_ctrl((ssl),SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING,0,NULL)
-# define SSL_set_tlsext_heartbeat_no_requests(ssl, arg) \
- SSL_ctrl((ssl),SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS,arg,NULL)
+# define SSL_DTLSEXT_HB_ENABLED 0x01
+# define SSL_DTLSEXT_HB_DONT_SEND_REQUESTS 0x02
+# define SSL_DTLSEXT_HB_DONT_RECV_REQUESTS 0x04
+# define SSL_get_dtlsext_heartbeat_pending(ssl) \
+ SSL_ctrl((ssl),SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING,0,NULL)
+# define SSL_set_dtlsext_heartbeat_no_requests(ssl, arg) \
+ SSL_ctrl((ssl),SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS,arg,NULL)
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+# define SSL_CTRL_TLS_EXT_SEND_HEARTBEAT \
+ SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT
+# define SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING \
+ SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING
+# define SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS \
+ SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS
+# define SSL_TLSEXT_HB_ENABLED \
+ SSL_DTLSEXT_HB_ENABLED
+# define SSL_TLSEXT_HB_DONT_SEND_REQUESTS \
+ SSL_DTLSEXT_HB_DONT_SEND_REQUESTS
+# define SSL_TLSEXT_HB_DONT_RECV_REQUESTS \
+ SSL_DTLSEXT_HB_DONT_RECV_REQUESTS
+# define SSL_get_tlsext_heartbeat_pending(ssl) \
+ SSL_get_dtlsext_heartbeat_pending(ssl)
+# define SSL_set_tlsext_heartbeat_no_requests(ssl, arg) \
+ SSL_set_dtlsext_heartbeat_no_requests(ssl, arg)
+# endif
 # endif
 /* PSK ciphersuites from 4279 */ |
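Review bot: The `# if OPENSSL_API_COMPAT < 0x10100000L` block maps every old TLS-named heartbeat macro onto its DTLS replacement without a comment, so existing callers of `SSL_set_tlsext_heartbeat_no_requests()` or `SSL_TLSEXT_HB_ENABLED` keep compiling with no hint that the feature is gone for TLS. A comment above the block would state that at the point of use, for example `/* Deprecated aliases for the DTLS-only heartbeat API; TLS heartbeats have been removed. */`. The aliases also sit inside `# ifndef OPENSSL_NO_HEARTBEATS`, so in a build configured without enable-heartbeats they presumably disappear together with the new names, which is worth saying in the same comment.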