OpenHarmony
Third Party Openssl
Commit 6b0e9fac
Authored 23 years ago
Author: Bodo Möller
New function SSL_renegotiate_pending().
New option SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION.
Parent: c404ff79
Showing 5 changed files with 51 additions and 4 deletions
CHANGES +16 -0
ssl/s3_srvr.c +17 -2
ssl/ssl.h +10 -2
ssl/ssl_lib.c +7 -0
util/ssleay.num +1 -0
CHANGES
@@ -12,6 +12,22 @@
*) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7
+) applies to 0.9.7 only
+) New function SSL_renegotiate_pending(). This returns true once
renegotiation has been requested (either SSL_renegotiate() call
or HelloRequest/ClientHello receveived from the peer) and becomes
false once a handshake has been completed.
(For servers, SSL_renegotiate() followed by SSL_do_handshake()
sends a HelloRequest, but does not ensure that a handshake takes
place. SSL_renegotiate_pending() is useful for checking if the
client has followed the request.)
[Bodo Moeller]
+) New SSL option SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION.
By default, clients may request session resumption even during
renegotiation (if session ID contexts permit); with this option,
session resumption is possible only in the first handshake.
[Bodo Moeller]
*) Fix ssl3_accept (ssl/s3_srvr.c): Do not call ssl_init_wbio_buffer()
when just sending a HelloRequest as this could interfere with
application data writes (and is totally unnecessary).
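Review bot: the SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION entry never says that the option is honoured on the server side; it reads as a statement about client behaviour ("clients may request session resumption"), while the ssl.h comment says "As server, disallow session resumption on renegotiation". Suggest opening the entry with "New SSL option for servers". In the SSL_renegotiate_pending() entry, "receveived" should be "received".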
ssl/s3_srvr.c
@@ -524,7 +524,9 @@ int ssl3_accept(SSL *s)
/* remove buffering on output */
ssl_free_wbio_buffer
(
s
);
s
->
new_session
=
0
;
if
(
s
->
new_session
==
2
)
s
->
new_session
=
0
;
/* if s->new_session is still 1, we have only sent a HelloRequest */
s
->
init_num
=
0
;
ssl_update_cache
(
s
,
SSL_SESS_CACHE_SERVER
);
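Review bot: in the cleanup branch of ssl3_accept(), `if (s->new_session == 2)` compares against a bare literal whose meaning is defined only by the assignment in ssl3_get_client_hello(). Named constants for the three states (0, 1, 2) would make both sites self-explanatory. The comment that follows should also say that leaving the value at 1 is what keeps SSL_renegotiate_pending() true until the client answers the HelloRequest.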
@@ -673,7 +675,15 @@ static int ssl3_get_client_hello(SSL *s)
j
=
*
(
p
++
);
s
->
hit
=
0
;
if
(
j
==
0
)
/* Versions before 0.9.7 always allow session reuse during renegotiation
* (i.e. when s->new_session is true), option
* SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is new with 0.9.7.
* Maybe this optional behaviour should always have been the default,
* but we cannot safely change the default behaviour (or new applications
* might be written that become totally unsecure when compiled with
* an earlier library version)
*/
if
(
j
==
0
||
(
s
->
new_session
&&
(
s
->
options
&
SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
)))
{
if
(
!
ssl_get_new_session
(
s
,
1
))
goto
err
;
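Review bot: the added clause `s->new_session && (s->options & SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION)` in ssl3_get_client_hello() forces a fresh session only when s->new_session is already nonzero, so the option prevents resumption only if that field is set before this point for every renegotiation, including one the client starts without a prior HelloRequest. The hunk does not show where that happens; please point to it in the comment or add a check. In the comment, "unsecure" should be "insecure".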
@@ -694,6 +704,11 @@ static int ssl3_get_client_hello(SSL *s)
}
}
if
(
s
->
new_session
)
/* actually not necessarily a 'new' section unless
* SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
s
->
new_session
=
2
;
p
+=
j
;
n2s
(
p
,
i
);
if
((
i
==
0
)
&&
(
j
!=
0
))
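Review bot: `s->new_session = 2;` is assigned before the rest of the ClientHello is checked (the `if ((i == 0) && (j != 0))` test follows directly), so the field reaches 2 even if a later check in this function fails. Please state what resets it on the error path, since SSL_renegotiate_pending() reports any nonzero value as pending. In the added comment, "'new' section" should read "'new' session".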
ssl/ssl.h
@@ -335,7 +335,8 @@ typedef struct ssl_session_st
/* If set, always create a new key when using tmp_dh parameters */
#define SSL_OP_SINGLE_DH_USE 0x00100000L
/* Set to also use the tmp_rsa key when doing RSA operations. */
/* Set to always use the tmp_rsa key when doing RSA operations,
* even when this violates protocol specs */
#define SSL_OP_EPHEMERAL_RSA 0x00200000L
/* Set on servers to choose the cipher according to the server's
* preferences */
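Review bot: the reworded SSL_OP_EPHEMERAL_RSA comment is unrelated to the two items in the commit message (SSL_renegotiate_pending() and SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION). Either mention it in the message or move it to its own commit. The new text "even when this violates protocol specs" would also be more useful if it named the requirement that is violated.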
@@ -345,6 +346,8 @@ typedef struct ssl_session_st
* (version 3.1) was announced in the client hello. Normally this is
* forbidden to prevent version rollback attacks. */
#define SSL_OP_TLS_ROLLBACK_BUG 0x00800000L
/* As server, disallow session resumption on renegotiation */
#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x01000000L
/* The next flag deliberately changes the ciphertest, this is a check
* for the PKCS#1 attack */
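Review bot: the one-line comment above `#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x01000000L` is the only API-level description of the option, and none of the five changed files is a documentation page. Suggest stating here that resumption during renegotiation stays allowed by default, as the CHANGES entry does, so that callers reading the header know they have to opt in.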
@@ -640,7 +643,11 @@ struct ssl_st
int
server
;
/* are we the server side? - mostly used by SSL_clear*/
int
new_session
;
/* 1 if we are to use a new session */
int
new_session
;
/* 1 if we are to use a new session,
* (sometimes 2 after a new session has in fact been assigned).
* NB: For servers, the 'new' session may actually be a previously
* cached session or even the previous session unless
* SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
int
quiet_shutdown
;
/* don't send shutdown packets */
int
shutdown
;
/* we have shut things down, 0x01 sent, 0x02
* for received */
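Review bot: the new comment on `new_session` says "sometimes 2", which leaves the field's states undefined for readers. The field now holds three values (0, 1, 2) and SSL_renegotiate_pending() tests `s->new_session != 0`; list what each value means and which function sets it.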
@@ -1157,6 +1164,7 @@ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(SSL *s);
int
SSL_do_handshake
(
SSL
*
s
);
int
SSL_renegotiate
(
SSL
*
s
);
int
SSL_renegotiate_pending
(
SSL
*
s
);
int
SSL_shutdown
(
SSL
*
s
);
SSL_METHOD
*
SSL_get_ssl_method
(
SSL
*
s
);
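Review bot: `int SSL_renegotiate_pending(SSL *s);` is added without any comment on its return value, and the implementation only reads `s->new_session`. A short comment (nonzero from the renegotiation request until a handshake completes) would help callers, and the parameter could be `const SSL *` if the header's conventions allow it.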
ssl/ssl_lib.c
@@ -836,6 +836,13 @@ int SSL_renegotiate(SSL *s)
return
(
s
->
method
->
ssl_renegotiate
(
s
));
}
int
SSL_renegotiate_pending
(
SSL
*
s
)
{
/* becomes true when negotiation is requested;
* false again once a handshake has finished */
return
(
s
->
new_session
!=
0
);
}
long
SSL_ctrl
(
SSL
*
s
,
int
cmd
,
long
larg
,
char
*
parg
)
{
long
l
;
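Review bot: the comment in SSL_renegotiate_pending() says "becomes true when negotiation is requested"; going by the CHANGES entry this should be "renegotiation". The function is not server-specific, yet the only handshake code changed in this commit is ssl/s3_srvr.c; please confirm that a client's `new_session` also returns to 0 after a completed handshake, otherwise `s->new_session != 0` stays true there.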
util/ssleay.num
@@ -212,3 +212,4 @@ kssl_ctx_free 261 EXIST::FUNCTION:KRB5
kssl_krb5_free_data_contents 262 EXIST::FUNCTION:KRB5
kssl_ctx_setstring 263 EXIST::FUNCTION:KRB5
SSL_CTX_set_generate_session_id 264 EXIST::FUNCTION:
SSL_renegotiate_pending 265 EXIST::FUNCTION: