diff options
| author | Kurt Roeckx <kurt@roeckx.be> | 2015-12-04 22:22:31 +0100 |
|---|---|---|
| committer | Kurt Roeckx <kurt@roeckx.be> | 2015-12-04 22:22:31 +0100 |
| commit | 6f78b9e824c053d062188578635c575017b587c5 (patch) | |
| tree | 384ac167954740453837f37e9ad0cbadcb5888b7 /ssl/s3_lib.c | |
| parent | ad3819c29ed91ee31ebc806939e6104970694811 (diff) | |
Remove support for SSL_{CTX_}set_tmp_ecdh_callback().
This only gets used to set a specific curve without actually checking that the
peer supports it or not and can therefor result in handshake failures that can
be avoided by selecting a different cipher.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Diffstat (limited to 'ssl/s3_lib.c')
| -rw-r--r-- | ssl/s3_lib.c | 24 |
1 files changed, 0 insertions, 24 deletions
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index bf7336cbfc..0df228e50a 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -4095,11 +4095,6 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) ret = 1; } break; - case SSL_CTRL_SET_TMP_ECDH_CB: - { - SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return (ret); - } #endif /* !OPENSSL_NO_EC */ case SSL_CTRL_SET_TLSEXT_HOSTNAME: if (larg == TLSEXT_NAMETYPE_host_name) { @@ -4423,13 +4418,6 @@ long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void)) } break; #endif -#ifndef OPENSSL_NO_EC - case SSL_CTRL_SET_TMP_ECDH_CB: - { - s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp; - } - break; -#endif case SSL_CTRL_SET_TLSEXT_DEBUG_CB: s->tlsext_debug_cb = (void (*)(SSL *, int, int, unsigned char *, int, void *))fp; @@ -4558,11 +4546,6 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) return 1; } /* break; */ - case SSL_CTRL_SET_TMP_ECDH_CB: - { - SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return (0); - } #endif /* !OPENSSL_NO_EC */ case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG: ctx->tlsext_servername_arg = parg; @@ -4733,13 +4716,6 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void)) } break; #endif -#ifndef OPENSSL_NO_EC - case SSL_CTRL_SET_TMP_ECDH_CB: - { - cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp; - } - break; -#endif case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB: ctx->tlsext_servername_callback = (int (*)(SSL *, int *, void *))fp; break; |