mirror of
https://github.com/openssl/openssl.git
synced 2024-11-29 04:55:11 +08:00
Add -no_resumption_on_reneg to SSL_CONF.
This commit is contained in:
parent
2dd6976f6d
commit
1f44dac24d
@ -1053,7 +1053,6 @@ int MAIN(int argc, char *argv[])
|
||||
EVP_PKEY *s_key = NULL, *s_dkey = NULL;
|
||||
int no_cache = 0, ext_cache = 0;
|
||||
int rev = 0, naccept = -1;
|
||||
int c_no_resumption_on_reneg = 0;
|
||||
#ifndef OPENSSL_NO_TLSEXT
|
||||
EVP_PKEY *s_key2 = NULL;
|
||||
X509 *s_cert2 = NULL;
|
||||
@ -1178,10 +1177,6 @@ int MAIN(int argc, char *argv[])
|
||||
c_auth = 1;
|
||||
}
|
||||
#endif
|
||||
else if (strcmp(*argv, "-no_resumption_on_reneg") == 0)
|
||||
{
|
||||
c_no_resumption_on_reneg = 1;
|
||||
}
|
||||
else if (strcmp(*argv,"-auth_require_reneg") == 0)
|
||||
{
|
||||
c_auth_require_reneg = 1;
|
||||
@ -1961,8 +1956,6 @@ bad:
|
||||
}
|
||||
#endif
|
||||
|
||||
if (c_no_resumption_on_reneg)
|
||||
SSL_CTX_set_options(ctx, SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
|
||||
if (!set_cert_key_stuff(ctx, s_cert, s_key, s_chain, build_chain))
|
||||
goto end;
|
||||
#ifndef OPENSSL_NO_TLSEXT
|
||||
|
@ -133,6 +133,10 @@ Use server and not client preference order when determining which cipher suite,
|
||||
signature algorithm or elliptic curve to use for an incoming connection.
|
||||
Equivalent to B<SSL_OP_CIPHER_SERVER_PREFERENCE>. Only used by servers.
|
||||
|
||||
=item B<-no_resumption_on_reneg>
|
||||
|
||||
set SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION flag. Only used by servers.
|
||||
|
||||
=item B<-legacyrenegotiation>
|
||||
|
||||
permits the use of unsafe legacy renegotiation. Equivalent to setting
|
||||
@ -287,6 +291,9 @@ determining which cipher suite, signature algorithm or elliptic curve
|
||||
to use for an incoming connection. Equivalent to
|
||||
B<SSL_OP_CIPHER_SERVER_PREFERENCE>. Only used by servers.
|
||||
|
||||
B<NoResumptionOnRenegotiation> set
|
||||
B<SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION> flag. Only used by servers.
|
||||
|
||||
B<UnsafeLegacyRenegotiation> permits the use of unsafe legacy renegotiation.
|
||||
Equivalent to B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION>.
|
||||
|
||||
|
@ -212,6 +212,7 @@ static int ctrl_str_option(SSL_CONF_CTX *cctx, const char *cmd)
|
||||
SSL_FLAG_TBL_SRV("serverpref", SSL_OP_CIPHER_SERVER_PREFERENCE),
|
||||
SSL_FLAG_TBL("legacy_renegotiation", SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION),
|
||||
SSL_FLAG_TBL_SRV("legacy_server_connect", SSL_OP_LEGACY_SERVER_CONNECT),
|
||||
SSL_FLAG_TBL_SRV("no_resumption_on_reneg", SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION),
|
||||
SSL_FLAG_TBL_SRV_INV("no_legacy_server_connect", SSL_OP_LEGACY_SERVER_CONNECT),
|
||||
SSL_FLAG_TBL_CERT("strict", SSL_CERT_FLAG_TLS_STRICT),
|
||||
#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
|
||||
@ -355,6 +356,7 @@ static int cmd_Options(SSL_CONF_CTX *cctx, const char *value)
|
||||
SSL_FLAG_TBL("Bugs", SSL_OP_ALL),
|
||||
SSL_FLAG_TBL_INV("Compression", SSL_OP_NO_COMPRESSION),
|
||||
SSL_FLAG_TBL_SRV("ServerPreference", SSL_OP_CIPHER_SERVER_PREFERENCE),
|
||||
SSL_FLAG_TBL_SRV("NoResumptionOnRenegotiation", SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION),
|
||||
SSL_FLAG_TBL_SRV("DHSingle", SSL_OP_SINGLE_DH_USE),
|
||||
SSL_FLAG_TBL_SRV("ECDHSingle", SSL_OP_SINGLE_ECDH_USE),
|
||||
SSL_FLAG_TBL("UnsafeLegacyRenegotiation", SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION),
|
||||
|
Loading…
Reference in New Issue
Block a user