From 558ea84743918f7a93bfbfc259f86ad1fa4c8de9 Mon Sep 17 00:00:00 2001
From: Richard Levitte
Date: Tue, 15 Nov 2016 14:55:40 +0100
Subject: Remove heartbeats completely

Fixes #4856

Reviewed-by: Tim Hudson
(Merged from https://github.com/openssl/openssl/pull/1928)
---
 ssl/record/rec_layer_s3.c | 6 +++---
 ssl/s3_lib.c | 7 -------
 ssl/ssl_err.c | 5 -----
 ssl/t1_trce.c | 4 ----
 4 files changed, 3 insertions(+), 19 deletions(-)

(limited to 'ssl')

diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
index feca76eb3f..b21227765a 100644
--- a/ssl/record/rec_layer_s3.c
+++ b/ssl/record/rec_layer_s3.c
@@ -1508,9 +1508,9 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
 && (s->server || rr->type != SSL3_RT_ALERT)) {
 /*
 * If we've got this far and still haven't decided on what version
- * we're using then this must be a client side alert we're dealing with
- * (we don't allow heartbeats yet). We shouldn't be receiving anything
- * other than a ClientHello if we are a server.
+ * we're using then this must be a client side alert we're dealing
+ * with. We shouldn't be receiving anything other than a ClientHello
+ * if we are a server.
 */
 s->version = rr->rec_version;
 SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES,
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index a3639fd18c..330b9e3f0c 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3547,13 +3547,6 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
 ret = 1;
 break;
 
-#ifndef OPENSSL_NO_HEARTBEATS
- case SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT:
- case SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING:
- case SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS:
- break;
-#endif
-
 case SSL_CTRL_CHAIN:
 if (larg)
 return ssl_cert_set1_chain(s, NULL, (STACK_OF(X509) *)parg);
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index ceae87bbc9..afe1b58214 100644
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
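Review bot: The reworded comment in the ssl3_read_bytes hunk still reads as if this branch handles a client-side alert, while the visible condition `(s->server || rr->type != SSL3_RT_ALERT)` selects every other case and the body raises `SSL_AD_UNEXPECTED_MESSAGE`. Since the commit already rewrites these three lines, I would state the rule directly, for example `* With no version decided yet, the only record tolerated here is an alert` / `* received by a client; a server should have seen nothing but a ClientHello,` / `* so everything else is rejected as an unexpected message.` The opening of the `if` and the end of the SSLfatal call are outside the hunk, so the first half of the test is assumed to be the version-undecided check the comment refers to.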
@@ -48,7 +48,6 @@ static const ERR_STRING_DATA SSL_str_functs[] = {
 "dtls1_buffer_record"},
 {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS1_CHECK_TIMEOUT_NUM, 0),
 "dtls1_check_timeout_num"},
- {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS1_HEARTBEAT, 0), ""},
 {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS1_HM_FRAGMENT_NEW, 0),
 "dtls1_hm_fragment_new"},
 {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS1_PREPROCESS_FRAGMENT, 0),
@@ -1179,10 +1178,6 @@ static const ERR_STRING_DATA SSL_str_reasons[] = {
 "tlsv1 unrecognized name"},
 {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_UNSUPPORTED_EXTENSION),
 "tlsv1 unsupported extension"},
- {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT),
- "peer does not accept heartbeats"},
- {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_HEARTBEAT_PENDING),
- "heartbeat request already pending"},
 {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_ILLEGAL_EXPORTER_LABEL),
 "tls illegal exporter label"},
 {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST),
diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c
index 656fefe896..9368baf1e7 100644
--- a/ssl/t1_trce.c
+++ b/ssl/t1_trce.c
@@ -468,7 +468,6 @@ static const ssl_trace_tbl ssl_exts_tbl[] = {
 {TLSEXT_TYPE_srp, "srp"},
 {TLSEXT_TYPE_signature_algorithms, "signature_algorithms"},
 {TLSEXT_TYPE_use_srtp, "use_srtp"},
- {TLSEXT_TYPE_heartbeat, "tls_heartbeat"},
 {TLSEXT_TYPE_application_layer_protocol_negotiation,
 "application_layer_protocol_negotiation"},
 {TLSEXT_TYPE_signed_certificate_timestamp, "signed_certificate_timestamps"},
@@ -783,9 +782,6 @@ static int ssl_print_extension(BIO *bio, int indent, int server,
 }
 break;
 
- case TLSEXT_TYPE_heartbeat:
- return 0;
-
 case TLSEXT_TYPE_session_ticket:
 if (extlen != 0)
 ssl_print_hex(bio, indent + 4, "ticket", ext, extlen);
-- 
cgit v1.2.3