Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
btwise
openssl
提交
f0ef019d
O
openssl
项目概览
btwise
/
openssl
通知
1
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
DevOps
流水线
流水线任务
计划
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
O
openssl
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
DevOps
DevOps
流水线
流水线任务
计划
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
流水线任务
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
f0ef019d
编写于
3月 27, 2014
作者:
D
Dr. Stephen Henson
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Add -no_resumption_on_reneg to SSL_CONF.
(cherry picked from commit 1f44dac24d1cb752b1a06be9091bb03a88a8598e)
上级
e970f63d
变更
3
隐藏空白更改
内联
并排
Showing
3 changed file
with
9 addition
and
7 deletion
+9
-7
apps/s_server.c
apps/s_server.c
+0
-7
doc/ssl/SSL_CONF_cmd.pod
doc/ssl/SSL_CONF_cmd.pod
+7
-0
ssl/ssl_conf.c
ssl/ssl_conf.c
+2
-0
未找到文件。
apps/s_server.c
浏览文件 @
f0ef019d
...
...
@@ -1058,7 +1058,6 @@ int MAIN(int argc, char *argv[])
EVP_PKEY
*
s_key
=
NULL
,
*
s_dkey
=
NULL
;
int
no_cache
=
0
,
ext_cache
=
0
;
int
rev
=
0
,
naccept
=
-
1
;
int
c_no_resumption_on_reneg
=
0
;
#ifndef OPENSSL_NO_TLSEXT
EVP_PKEY
*
s_key2
=
NULL
;
X509
*
s_cert2
=
NULL
;
...
...
@@ -1183,10 +1182,6 @@ int MAIN(int argc, char *argv[])
c_auth
=
1
;
}
#endif
else
if
(
strcmp
(
*
argv
,
"-no_resumption_on_reneg"
)
==
0
)
{
c_no_resumption_on_reneg
=
1
;
}
else
if
(
strcmp
(
*
argv
,
"-auth_require_reneg"
)
==
0
)
{
c_auth_require_reneg
=
1
;
...
...
@@ -1963,8 +1958,6 @@ bad:
}
#endif
if
(
c_no_resumption_on_reneg
)
SSL_CTX_set_options
(
ctx
,
SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
);
if
(
!
set_cert_key_stuff
(
ctx
,
s_cert
,
s_key
,
s_chain
,
build_chain
))
goto
end
;
#ifndef OPENSSL_NO_TLSEXT
...
...
doc/ssl/SSL_CONF_cmd.pod
浏览文件 @
f0ef019d
...
...
@@ -133,6 +133,10 @@ Use server and not client preference order when determining which cipher suite,
signature algorithm or elliptic curve to use for an incoming connection.
Equivalent to B<SSL_OP_CIPHER_SERVER_PREFERENCE>. Only used by servers.
=item B<-no_resumption_on_reneg>
set SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION flag. Only used by servers.
=item B<-legacyrenegotiation>
permits the use of unsafe legacy renegotiation. Equivalent to setting
...
...
@@ -292,6 +296,9 @@ determining which cipher suite, signature algorithm or elliptic curve
to use for an incoming connection. Equivalent to
B<SSL_OP_CIPHER_SERVER_PREFERENCE>. Only used by servers.
B<NoResumptionOnRenegotiation> set
B<SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION> flag. Only used by servers.
B<UnsafeLegacyRenegotiation> permits the use of unsafe legacy renegotiation.
Equivalent to B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION>.
...
...
ssl/ssl_conf.c
浏览文件 @
f0ef019d
...
...
@@ -212,6 +212,7 @@ static int ctrl_str_option(SSL_CONF_CTX *cctx, const char *cmd)
SSL_FLAG_TBL_SRV
(
"serverpref"
,
SSL_OP_CIPHER_SERVER_PREFERENCE
),
SSL_FLAG_TBL
(
"legacy_renegotiation"
,
SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
),
SSL_FLAG_TBL_SRV
(
"legacy_server_connect"
,
SSL_OP_LEGACY_SERVER_CONNECT
),
SSL_FLAG_TBL_SRV
(
"no_resumption_on_reneg"
,
SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
),
SSL_FLAG_TBL_SRV_INV
(
"no_legacy_server_connect"
,
SSL_OP_LEGACY_SERVER_CONNECT
),
SSL_FLAG_TBL_CERT
(
"strict"
,
SSL_CERT_FLAG_TLS_STRICT
),
#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
...
...
@@ -355,6 +356,7 @@ static int cmd_Options(SSL_CONF_CTX *cctx, const char *value)
SSL_FLAG_TBL
(
"Bugs"
,
SSL_OP_ALL
),
SSL_FLAG_TBL_INV
(
"Compression"
,
SSL_OP_NO_COMPRESSION
),
SSL_FLAG_TBL_SRV
(
"ServerPreference"
,
SSL_OP_CIPHER_SERVER_PREFERENCE
),
SSL_FLAG_TBL_SRV
(
"NoResumptionOnRenegotiation"
,
SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
),
SSL_FLAG_TBL_SRV
(
"DHSingle"
,
SSL_OP_SINGLE_DH_USE
),
SSL_FLAG_TBL_SRV
(
"ECDHSingle"
,
SSL_OP_SINGLE_ECDH_USE
),
SSL_FLAG_TBL
(
"UnsafeLegacyRenegotiation"
,
SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
),
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录