diff options
| author | Matt Caswell <matt@openssl.org> | 2015-02-05 15:57:54 +0000 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2015-02-06 11:35:07 +0000 |
| commit | 3c33c6f6b10864355553961e638514a6d1bb00f6 (patch) | |
| tree | 8caee8cdeddc8a9a17f832f7edf1305bb17de759 /ssl/s3_clnt.c | |
| parent | ae632974f905c59176fa5f312826f8f692890b67 (diff) | |
| download | openssl-3c33c6f6b10864355553961e638514a6d1bb00f6.tar.gz | |
Remove support for SSL_OP_NETSCAPE_CA_DN_BUG.
This is an ancient bug workaround for Netscape clients. The documentation
talks about versions 3.x and 4.x beta.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Diffstat (limited to 'ssl/s3_clnt.c')
| -rw-r--r-- | ssl/s3_clnt.c | 18 |
1 files changed, 3 insertions, 15 deletions
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 5e2b543e6b..4d7d05b608 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -2109,8 +2109,6 @@ int ssl3_get_certificate_request(SSL *s) for (nc = 0; nc < llen;) { n2s(p, l); if ((l + nc + 2) > llen) { - if ((s->options & SSL_OP_NETSCAPE_CA_DN_BUG)) - goto cont; /* netscape bugs */ ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, SSL_R_CA_DN_TOO_LONG); goto err; @@ -2119,14 +2117,9 @@ int ssl3_get_certificate_request(SSL *s) q = p; if ((xn = d2i_X509_NAME(NULL, &q, l)) == NULL) { - /* If netscape tolerance is on, ignore errors */ - if (s->options & SSL_OP_NETSCAPE_CA_DN_BUG) - goto cont; - else { - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); - SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, ERR_R_ASN1_LIB); - goto err; - } + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); + SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, ERR_R_ASN1_LIB); + goto err; } if (q != (p + l)) { @@ -2144,11 +2137,6 @@ int ssl3_get_certificate_request(SSL *s) nc += l + 2; } - if (0) { - cont: - ERR_clear_error(); - } - /* we should setup a certificate to return.... */ s->s3->tmp.cert_req = 1; s->s3->tmp.ctype_num = ctype_num; |