diff options
| author | Matt Caswell <matt@openssl.org> | 2015-05-15 10:49:56 +0100 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2015-05-22 23:10:51 +0100 |
| commit | e481f9b90b164fd1053015d1c4e0a0d92076d7a8 (patch) | |
| tree | 2dbf5d699977893b677a18b213f31c61b59d468b /util | |
| parent | 552bf8ec5e64d1a169069111850ebc5d250e0499 (diff) | |
Remove support for OPENSSL_NO_TLSEXT
Given the pervasive nature of TLS extensions it is inadvisable to run
OpenSSL without support for them. It also means that maintaining
the OPENSSL_NO_TLSEXT option within the code is very invasive (and probably
not well tested). Therefore it is being removed.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Diffstat (limited to 'util')
| -rwxr-xr-x | util/mk1mf.pl | 2 | ||||
| -rwxr-xr-x | util/mkdef.pl | 6 | ||||
| -rwxr-xr-x | util/ssleay.num | 24 |
3 files changed, 14 insertions, 18 deletions
diff --git a/util/mk1mf.pl b/util/mk1mf.pl index 00a3efebac..5161c170b4 100755 --- a/util/mk1mf.pl +++ b/util/mk1mf.pl @@ -289,7 +289,6 @@ $cflags.=" -DOPENSSL_NO_DH" if $no_dh; $cflags.=" -DOPENSSL_NO_WHIRLPOOL" if $no_whirlpool; $cflags.=" -DOPENSSL_NO_SOCK" if $no_sock; $cflags.=" -DOPENSSL_NO_SSL3" if $no_ssl3; -$cflags.=" -DOPENSSL_NO_TLSEXT" if $no_tlsext; $cflags.=" -DOPENSSL_NO_SRP" if $no_srp; $cflags.=" -DOPENSSL_NO_CMS" if $no_cms; $cflags.=" -DOPENSSL_NO_ERR" if $no_err; @@ -1391,7 +1390,6 @@ sub read_options "gaswin" => \$gaswin, "no-ssl3" => \$no_ssl3, "no-ssl3-method" => 0, - "no-tlsext" => \$no_tlsext, "no-srp" => \$no_srp, "no-cms" => \$no_cms, "no-jpake" => \$no_jpake, diff --git a/util/mkdef.pl b/util/mkdef.pl index e2b1fb6d4a..b21d03b36e 100755 --- a/util/mkdef.pl +++ b/util/mkdef.pl @@ -81,7 +81,7 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF", # Engines "STATIC_ENGINE", "ENGINE", "HW", "GMP", # TLS - "TLSEXT", "PSK", "SRP", "HEARTBEATS", + "PSK", "SRP", "HEARTBEATS", # CMS "CMS", # CryptoAPI Engine @@ -124,7 +124,7 @@ my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2; my $no_rsa; my $no_dsa; my $no_dh; my $no_aes; my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw; my $no_fp_api; my $no_static_engine=1; my $no_gmp; my $no_deprecated; -my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng; +my $no_psk; my $no_cms; my $no_capieng; my $no_jpake; my $no_srp; my $no_ec2m; my $no_nistp_gcc; my $no_nextprotoneg; my $no_sctp; my $no_srtp; my $no_ssl_trace; my $no_unit_test; my $no_ssl3_method; my $no_ocb; @@ -213,7 +213,6 @@ foreach (@ARGV, split(/ /, $options)) elsif (/^no-engine$/) { $no_engine=1; } elsif (/^no-hw$/) { $no_hw=1; } elsif (/^no-gmp$/) { $no_gmp=1; } - elsif (/^no-tlsext$/) { $no_tlsext=1; } elsif (/^no-cms$/) { $no_cms=1; } elsif (/^no-ec2m$/) { $no_ec2m=1; } elsif (/^no-ec-nistp224-64-gcc-128$/) { $no_nistp_gcc=1; } @@ -1198,7 +1197,6 @@ sub is_valid if ($keyword eq "FP_API" && $no_fp_api) { return 0; } if ($keyword eq "STATIC_ENGINE" && $no_static_engine) { return 0; } if ($keyword eq "GMP" && $no_gmp) { return 0; } - if ($keyword eq "TLSEXT" && $no_tlsext) { return 0; } if ($keyword eq "PSK" && $no_psk) { return 0; } if ($keyword eq "CMS" && $no_cms) { return 0; } if ($keyword eq "EC_NISTP_64_GCC_128" && $no_nistp_gcc) diff --git a/util/ssleay.num b/util/ssleay.num index d595fe0e35..1b4755cb12 100755 --- a/util/ssleay.num +++ b/util/ssleay.num @@ -240,8 +240,8 @@ SSL_CTX_sess_get_new_cb 287 EXIST::FUNCTION: SSL_CTX_get_client_cert_cb 288 EXIST::FUNCTION: SSL_CTX_sess_get_remove_cb 289 EXIST::FUNCTION: SSL_set_SSL_CTX 290 EXIST::FUNCTION: -SSL_get_servername 291 EXIST::FUNCTION:TLSEXT -SSL_get_servername_type 292 EXIST::FUNCTION:TLSEXT +SSL_get_servername 291 EXIST::FUNCTION: +SSL_get_servername_type 292 EXIST::FUNCTION: SSL_CTX_set_client_cert_engine 293 EXIST::FUNCTION:ENGINE SSL_CTX_use_psk_identity_hint 294 EXIST::FUNCTION:PSK SSL_CTX_set_psk_client_callback 295 EXIST::FUNCTION:PSK @@ -309,21 +309,21 @@ SSL_CIPHER_get_id 349 EXIST::FUNCTION: TLSv1_2_method 350 EXIST::FUNCTION: SSL_SESSION_get_id_len 351 NOEXIST::FUNCTION: kssl_ctx_get0_client_princ 352 NOEXIST::FUNCTION: -SSL_export_keying_material 353 EXIST::FUNCTION:TLSEXT +SSL_export_keying_material 353 EXIST::FUNCTION: SSL_set_tlsext_use_srtp 354 EXIST::FUNCTION:SRTP SSL_CTX_set_next_protos_advertised_cb 355 EXIST:!VMS:FUNCTION:NEXTPROTONEG SSL_CTX_set_next_protos_adv_cb 355 EXIST:VMS:FUNCTION:NEXTPROTONEG SSL_get0_next_proto_negotiated 356 EXIST::FUNCTION:NEXTPROTONEG SSL_get_selected_srtp_profile 357 EXIST::FUNCTION:SRTP SSL_CTX_set_tlsext_use_srtp 358 EXIST::FUNCTION:SRTP -SSL_select_next_proto 359 EXIST::FUNCTION:TLSEXT +SSL_select_next_proto 359 EXIST::FUNCTION: SSL_get_srtp_profiles 360 EXIST::FUNCTION:SRTP SSL_CTX_set_next_proto_select_cb 361 EXIST:!VMS:FUNCTION:NEXTPROTONEG SSL_CTX_set_next_proto_sel_cb 361 EXIST:VMS:FUNCTION:NEXTPROTONEG SSL_SESSION_get_compress_id 362 EXIST::FUNCTION: SSL_get0_param 363 EXIST::FUNCTION: SSL_CTX_get0_privatekey 364 EXIST::FUNCTION: -SSL_get_shared_sigalgs 365 EXIST::FUNCTION:TLSEXT +SSL_get_shared_sigalgs 365 EXIST::FUNCTION: SSL_CONF_CTX_finish 366 EXIST::FUNCTION: DTLS_method 367 EXIST::FUNCTION: DTLS_client_method 368 EXIST::FUNCTION: @@ -336,40 +336,40 @@ SSL_COMP_set0_compress_methods 374 NOEXIST::FUNCTION: SSL_COMP_set0_compression_methods 374 EXIST:!VMS:FUNCTION: SSL_COMP_set0_compr_methods 374 EXIST:VMS:FUNCTION: SSL_CTX_set_cert_cb 375 EXIST::FUNCTION: -SSL_CTX_add_client_custom_ext 376 EXIST::FUNCTION:TLSEXT +SSL_CTX_add_client_custom_ext 376 EXIST::FUNCTION: SSL_is_server 377 EXIST::FUNCTION: SSL_CTX_get0_param 378 EXIST::FUNCTION: SSL_CONF_cmd 379 EXIST::FUNCTION: SSL_CTX_get_ssl_method 380 EXIST::FUNCTION: SSL_CONF_CTX_set_ssl_ctx 381 EXIST::FUNCTION: SSL_CIPHER_find 382 EXIST::FUNCTION: -SSL_CTX_use_serverinfo 383 EXIST::FUNCTION:TLSEXT +SSL_CTX_use_serverinfo 383 EXIST::FUNCTION: DTLSv1_2_client_method 384 EXIST::FUNCTION: SSL_get0_alpn_selected 385 EXIST::FUNCTION: SSL_CONF_CTX_clear_flags 386 EXIST::FUNCTION: SSL_CTX_set_alpn_protos 387 EXIST::FUNCTION: -SSL_CTX_add_server_custom_ext 389 EXIST::FUNCTION:TLSEXT +SSL_CTX_add_server_custom_ext 389 EXIST::FUNCTION: SSL_CTX_get0_certificate 390 EXIST::FUNCTION: SSL_CTX_set_alpn_select_cb 391 EXIST::FUNCTION: SSL_CONF_cmd_value_type 392 EXIST::FUNCTION: SSL_set_cert_cb 393 EXIST::FUNCTION: -SSL_get_sigalgs 394 EXIST::FUNCTION:TLSEXT +SSL_get_sigalgs 394 EXIST::FUNCTION: SSL_CONF_CTX_set1_prefix 395 EXIST::FUNCTION: SSL_CONF_CTX_new 396 EXIST::FUNCTION: SSL_CONF_CTX_set_flags 397 EXIST::FUNCTION: SSL_CONF_CTX_set_ssl 398 EXIST::FUNCTION: -SSL_check_chain 399 EXIST::FUNCTION:TLSEXT +SSL_check_chain 399 EXIST::FUNCTION: SSL_certs_clear 400 EXIST::FUNCTION: SSL_CONF_CTX_free 401 EXIST::FUNCTION: SSL_trace 402 EXIST::FUNCTION:SSL_TRACE SSL_CTX_set_cli_supp_data 403 NOEXIST::FUNCTION: DTLSv1_2_method 404 EXIST::FUNCTION: DTLS_server_method 405 EXIST::FUNCTION: -SSL_CTX_use_serverinfo_file 406 EXIST::FUNCTION:STDIO,TLSEXT +SSL_CTX_use_serverinfo_file 406 EXIST::FUNCTION:STDIO SSL_COMP_free_compress_methods 407 NOEXIST::FUNCTION: SSL_COMP_free_compression_methods 407 EXIST:!VMS:FUNCTION: SSL_COMP_free_compr_methods 407 EXIST:VMS:FUNCTION: -SSL_extension_supported 409 EXIST::FUNCTION:TLSEXT +SSL_extension_supported 409 EXIST::FUNCTION: SSL_CTX_get_security_callback 410 EXIST::FUNCTION: SSL_SESSION_print_keylog 411 EXIST::FUNCTION: SSL_CTX_set_not_resumable_session_callback 412 EXIST:!VMS:FUNCTION: |