git.ipfire.org Git - thirdparty/openssl.git/commit

]> git.ipfire.org Git - thirdparty/openssl.git/commit

projects / thirdparty / openssl.git / commit

author	Todd Short <tshort@akamai.com>
	Mon, 10 Jul 2017 17:28:35 +0000 (13:28 -0400)
committer	Matt Caswell <matt@openssl.org>
	Fri, 15 Feb 2019 10:11:18 +0000 (10:11 +0000)
commit	088dfa133561d7613b9391a56ddbce58f32c934a
tree	46ebb1770ded52fd84e2202d80cac0ea9121b49f	tree \| snapshot
parent	9fc8f18f59f4a4c853466dca64a23b8af681bf1c	commit \| diff

Add option to disable Extended Master Secret

Add SSL_OP64_NO_EXTENDED_MASTER_SECRET, that can be set on either
an SSL or an SSL_CTX. When processing a ClientHello, if this flag
is set, do not indicate that the EMS TLS extension was received in
either the ssl3 object or the SSL_SESSION. Retain most of the
sanity checks between the previous and current session during
session resumption, but weaken the check when the current SSL
object is configured to not use EMS.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3910)

12 files changed:

doc/man3/SSL_CONF_cmd.pod		diff \| blob \| blame \| history
doc/man3/SSL_CTX_set_options.pod		diff \| blob \| blame \| history
include/openssl/ssl.h		diff \| blob \| blame \| history
ssl/ssl_conf.c		diff \| blob \| blame \| history
ssl/statem/extensions.c		diff \| blob \| blame \| history
ssl/statem/extensions_clnt.c		diff \| blob \| blame \| history
ssl/statem/extensions_srvr.c		diff \| blob \| blame \| history
test/recipes/80-test_ssl_new.t		diff \| blob \| blame \| history
test/ssl-tests/16-certstatus.conf	[deleted file]	blob \| blame \| history
test/ssl-tests/30-extended-master-secret.conf	[new file with mode: 0644]	blob
test/ssl-tests/30-extended-master-secret.conf.in	[new file with mode: 0644]	blob
test/sslapitest.c		diff \| blob \| blame \| history

A mirror of the official openssl repository

RSS Atom