From 5bbe2134188a45a937e7aefd46b7eeee258d0ab8 Mon Sep 17 00:00:00 2001 From: Rich Salz Date: Sun, 13 Jun 2021 10:49:47 -0400 Subject: [PATCH] Remove "-immedate_renegotiation" option Reviewed-by: Matt Caswell Reviewed-by: Tim Hudson Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15415) --- apps/include/opt.h | 4 +--- apps/s_client.c | 3 --- apps/s_server.c | 6 ------ doc/man3/SSL_CONF_cmd.pod | 6 ------ doc/perlvars.pm | 5 ++--- 5 files changed, 3 insertions(+), 21 deletions(-) diff --git a/apps/include/opt.h b/apps/include/opt.h index 951557974b..b77c5a52e5 100644 --- a/apps/include/opt.h +++ b/apps/include/opt.h @@ -162,7 +162,7 @@ OPT_S_STRICT, OPT_S_SIGALGS, OPT_S_CLIENTSIGALGS, OPT_S_GROUPS, \ OPT_S_CURVES, OPT_S_NAMEDCURVE, OPT_S_CIPHER, OPT_S_CIPHERSUITES, \ OPT_S_RECORD_PADDING, OPT_S_DEBUGBROKE, OPT_S_COMP, \ - OPT_S_MINPROTO, OPT_S_MAXPROTO, OPT_S_IMMEDIATE_RENEG, \ + OPT_S_MINPROTO, OPT_S_MAXPROTO, \ OPT_S_NO_RENEGOTIATION, OPT_S_NO_MIDDLEBOX, OPT_S__LAST # define OPT_S_OPTIONS \ @@ -211,8 +211,6 @@ {"ciphersuites", OPT_S_CIPHERSUITES, 's', "Specify TLSv1.3 ciphersuites to be used"}, \ {"min_protocol", OPT_S_MINPROTO, 's', "Specify the minimum protocol version to be used"}, \ {"max_protocol", OPT_S_MAXPROTO, 's', "Specify the maximum protocol version to be used"}, \ - {"immediate_renegotiation", OPT_S_IMMEDIATE_RENEG, '-', \ - "Immediately attempt renegotiation"}, \ {"record_padding", OPT_S_RECORD_PADDING, 's', \ "Block size to pad TLS 1.3 records to."}, \ {"debug_broken_protocol", OPT_S_DEBUGBROKE, '-', \ diff --git a/apps/s_client.c b/apps/s_client.c index ac9b08dfc2..3b9be0e8c2 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -1047,9 +1047,6 @@ int s_client_main(int argc, char **argv) case OPT_BRIEF: c_brief = verify_args.quiet = c_quiet = 1; break; - case OPT_S_IMMEDIATE_RENEG: - /* Option ignored on client. */ - break; case OPT_S_CASES: if (ssl_args == NULL) ssl_args = sk_OPENSSL_STRING_new_null(); 
diff --git a/apps/s_server.c b/apps/s_server.c index 009ac5a1eb..e32d25e800 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -78,7 +78,6 @@ static int accept_socket = -1; static int s_nbio = 0; static int s_nbio_test = 0; static int s_crlf = 0; -static int immediate_reneg = 0; static SSL_CTX *ctx = NULL; static SSL_CTX *ctx2 = NULL; static int www = 0; @@ -1270,9 +1269,6 @@ int s_server_main(int argc, char *argv[]) if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &crl_format)) goto opthelp; break; - case OPT_S_IMMEDIATE_RENEG: - immediate_reneg = 1; - break; case OPT_S_CASES: case OPT_S_NUM_TICKETS: case OPT_ANTI_REPLAY: @@ -2811,8 +2807,6 @@ static int init_ssl_connection(SSL *con) } else { do { i = SSL_accept(con); - if (immediate_reneg) - SSL_renegotiate(con); if (i <= 0) retry = is_retryable(con, i); diff --git a/doc/man3/SSL_CONF_cmd.pod b/doc/man3/SSL_CONF_cmd.pod index 68c05d33d7..7971d6e0b5 100644 --- a/doc/man3/SSL_CONF_cmd.pod +++ b/doc/man3/SSL_CONF_cmd.pod @@ -83,12 +83,6 @@ Sets B. Only used by servers. Permits or prohibits the use of unsafe legacy renegotiation for OpenSSL clients only. Equivalent to setting or clearing B. -=item B<-immediate_renegotiation> - -Try to do a renegotiation immediately after the handshake. -This is for debugging and has no option equivalent. -Ignored by the B command. - =item B<-prioritize_chacha> Prioritize ChaCha ciphers when the client has a ChaCha20 cipher at the top of diff --git a/doc/perlvars.pm b/doc/perlvars.pm index 71f3888d58..133ad3c416 100644 --- a/doc/perlvars.pm +++ b/doc/perlvars.pm @@ -183,7 +183,6 @@ $OpenSSL::safe::opt_s_synopsis = "" . "[B<-legacy_renegotiation>]\n" . "[B<-no_renegotiation>]\n" . "[B<-no_resumption_on_reneg>]\n" -. "[B<-immediate_renegotiation>]\n" . "[B<-legacy_server_connect>]\n" . "[B<-no_legacy_server_connect>]\n" . "[B<-allow_no_dhe_kex>]\n" 
@@ -203,9 +202,9 @@ $OpenSSL::safe::opt_s_synopsis = ""
 . "[B<-no_middlebox>]";
 $OpenSSL::safe::opt_s_item = ""
 . "=item B<-bugs>, B<-comp>, B<-no_comp>, B<-no_ticket>, B<-serverpref>,\n"
-. "B<-client_renegotiation>, B<_immediate_renegotiation>,\n"
+. "B<-client_renegotiation>,\n"
 . "B<-legacy_renegotiation>, B<-no_renegotiation>,\n"
-. "B<-immediate_renegotiation>, B<-no_resumption_on_reneg>,\n"
+. "B<-no_resumption_on_reneg>,\n"
 . "B<-legacy_server_connect>, B<-no_legacy_server_connect>,\n"
 . "B<-allow_no_dhe_kex>, B<-prioritize_chacha>, B<-strict>, B<-sigalgs>\n"
 . "I, B<-client_sigalgs> I, B<-groups> I, B<-curves>\n"
-- 2.39.2