From: Tomas Mraz <tomas@openssl.org>
Date: Thu, 12 May 2022 06:41:14 +0000 (+0200)
Subject: Actually implement UnsafeLegacyServerConnect as documented
X-Git-Tag: openssl-3.2.0-alpha1~2604
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=65b2bb9ca0cff5e65938dc0d9dcd71c251bd67db;p=thirdparty%2Fopenssl.git

Actually implement UnsafeLegacyServerConnect as documented

Fixes #18295

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/18296)
---

diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c
index f90d5a05b33..767faf2452a 100644
--- a/ssl/ssl_conf.c
+++ b/ssl/ssl_conf.c
@@ -384,6 +384,8 @@ static int cmd_Options(SSL_CONF_CTX *cctx, const char *value)
         SSL_FLAG_TBL_SRV("ECDHSingle", SSL_OP_SINGLE_ECDH_USE),
         SSL_FLAG_TBL("UnsafeLegacyRenegotiation",
                      SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION),
+        SSL_FLAG_TBL("UnsafeLegacyServerConnect",
+                     SSL_OP_LEGACY_SERVER_CONNECT),
         SSL_FLAG_TBL("ClientRenegotiation",
                      SSL_OP_ALLOW_CLIENT_RENEGOTIATION),
         SSL_FLAG_TBL_INV("EncryptThenMac", SSL_OP_NO_ENCRYPT_THEN_MAC),