diff options
| -rw-r--r-- | CHANGES | 5 | ||||
| -rwxr-xr-x | makevms.com | 3 | ||||
| -rw-r--r-- | ssl/ssl_cert.c | 1 |
3 files changed, 5 insertions, 4 deletions
@@ -3,6 +3,11 @@ _______________ Changes between 1.0.2 and 1.1.0 [xx XXX xxxx] + *) Given the pervasive nature of TLS extensions it is inadvisable to run + OpenSSL without support for them. It also means that maintaining + the OPENSSL_NO_TLSEXT option within the code is very invasive (and probably + not well tested). Therefore the OPENSSL_NO_TLSEXT option has been removed. + [Matt Caswell] *) Version negotiation has been rewritten. In particular SSLv23_method(), SSLv23_client_method() and SSLv23_server_method() have been deprecated, diff --git a/makevms.com b/makevms.com index 37efdc8041..c1c3060b67 100755 --- a/makevms.com +++ b/makevms.com @@ -304,7 +304,6 @@ $ CONFIG_LOGICALS := AES,- STATIC_ENGINE,- STDIO,- STORE,- - TLSEXT,- UNIT_TEST,- WHIRLPOOL $ CONFIG_EXPERIMENTAL := JPAKE,- @@ -332,11 +331,9 @@ $ CONFIG_DISABLE_RULES := RIJNDAEL/AES;- SHA/SSL3,TLS1;- RSA,DSA/SSL3,TLS1;- DH/SSL3,TLS1;- - TLS1/TLSEXT;- EC/GOST;- DSA/GOST;- DH/GOST;- - TLSEXT/SRP,HEARTBEAT;- /STATIC_ENGINE;- /DEPRECATED;- /EC_NISTP_64_GCC_128;- diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index ab138ec491..6b39e25813 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -265,7 +265,6 @@ CERT *ssl_cert_dup(CERT *cert) goto err; } } - rpk->valid_flags = 0; if (cert->pkeys[i].serverinfo != NULL) { /* Just copy everything. */ ret->pkeys[i].serverinfo = |