Remove the function `tor_tls_assert_renegotiation_unblocked`.

It was used nowhere outside its own unit tests, and it was causing
compilation issues with recent OpenSSL 3.0.0 alphas.

Closes ticket 40399.

diff --git a/changes/bug40399 b/changes/bug40399
new file mode 100644 (file)
index 0000000..7954b85
--- /dev/null
+++ b/changes/bug40399
@@ -0,0 +1,5 @@
+  o Minor features (compatibility):
+    - Remove an assertion function related to TLS renegotiation.
+      It was used nowhere outside the unit tests, and it was breaking
+      compilation with recent alpha releases of OpenSSL 3.0.0.
+      Closes ticket 40399.

diff --git a/src/lib/tls/tortls.h b/src/lib/tls/tortls.h
index 8efc7a1c98ace15424b25e4585c8aa13a948acfa..939831803537d819fbf32580e3f08512caf00d3b 100644 (file)
--- a/src/lib/tls/tortls.h
+++ b/src/lib/tls/tortls.h
@@ -107,7 +107,6 @@ int tor_tls_handshake(tor_tls_t *tls);
 int tor_tls_finish_handshake(tor_tls_t *tls);
 void tor_tls_unblock_renegotiation(tor_tls_t *tls);
 void tor_tls_block_renegotiation(tor_tls_t *tls);
-void tor_tls_assert_renegotiation_unblocked(tor_tls_t *tls);
 int tor_tls_get_pending_bytes(tor_tls_t *tls);
 size_t tor_tls_get_forced_write_size(tor_tls_t *tls);
 

diff --git a/src/lib/tls/tortls_nss.c b/src/lib/tls/tortls_nss.c
index 6f6c47674eea47cd8d9a5a521bbe6fb2798512f7..b7f351315053d6521d93ac674c18c640761852bf 100644 (file)
--- a/src/lib/tls/tortls_nss.c
+++ b/src/lib/tls/tortls_nss.c
@@ -633,13 +633,6 @@ tor_tls_block_renegotiation(tor_tls_t *tls)
   /* We don't support renegotiation with NSS. */
 }
 
-void
-tor_tls_assert_renegotiation_unblocked(tor_tls_t *tls)
-{
-  tor_assert(tls);
-  /* We don't support renegotiation with NSS. */
-}
-
 int
 tor_tls_get_pending_bytes(tor_tls_t *tls)
 {

diff --git a/src/lib/tls/tortls_openssl.c b/src/lib/tls/tortls_openssl.c
index 80b0df301f298a1d713f5d690cd3c4295a1f519f..c5031a00aa04d886c1beda2f5f8fe4dcb0ff826d 100644 (file)
--- a/src/lib/tls/tortls_openssl.c
+++ b/src/lib/tls/tortls_openssl.c
@@ -1168,19 +1168,6 @@ tor_tls_block_renegotiation(tor_tls_t *tls)
 #endif
 }
 
-/** Assert that the flags that allow legacy renegotiation are still set */
-void
-tor_tls_assert_renegotiation_unblocked(tor_tls_t *tls)
-{
-#if defined(SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) && \
-  SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION != 0
-  long options = SSL_get_options(tls->ssl);
-  tor_assert(0 != (options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION));
-#else
-  (void) tls;
-#endif /* defined(SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) && ... */
-}
-
 /**
  * Tell the TLS library that the underlying socket for <b>tls</b> has been
  * closed, and the library should not attempt to free that socket itself.

diff --git a/src/test/test_tortls_openssl.c b/src/test/test_tortls_openssl.c
index f4e3430daca59af5e0fdf48a870bb62567f34028..81c65d7446a726ee30c2ddda03a9e78a0d3ffb40 100644 (file)
--- a/src/test/test_tortls_openssl.c
+++ b/src/test/test_tortls_openssl.c
@@ -1147,25 +1147,6 @@ test_tortls_unblock_renegotiation(void *ignored)
 }
 #endif /* !defined(OPENSSL_OPAQUE) */
 
-#ifndef OPENSSL_OPAQUE
-static void
-test_tortls_assert_renegotiation_unblocked(void *ignored)
-{
-  (void)ignored;
-  tor_tls_t *tls;
-
-  tls = tor_malloc_zero(sizeof(tor_tls_t));
-  tls->ssl = tor_malloc_zero(sizeof(SSL));
-  tor_tls_unblock_renegotiation(tls);
-  tor_tls_assert_renegotiation_unblocked(tls);
-  /* No assertion here - this test will fail if tor_assert is turned on
-   * and things are bad. */
-
-  tor_free(tls->ssl);
-  tor_free(tls);
-}
-#endif /* !defined(OPENSSL_OPAQUE) */
-
 static void
 test_tortls_set_logged_address(void *ignored)
 {
@@ -2228,7 +2209,6 @@ struct testcase_t tortls_openssl_tests[] = {
   INTRUSIVE_TEST_CASE(server_info_callback, 0),
   LOCAL_TEST_CASE(get_write_overhead_ratio, TT_FORK),
   LOCAL_TEST_CASE(is_server, 0),
-  INTRUSIVE_TEST_CASE(assert_renegotiation_unblocked, 0),
   INTRUSIVE_TEST_CASE(block_renegotiation, 0),
   INTRUSIVE_TEST_CASE(unblock_renegotiation, 0),
   INTRUSIVE_TEST_CASE(set_renegotiate_callback, 0),