Miod Vallat <[email protected]> writes:
> You're right. What about the following diff? (major bump for libssl)
Looks OK to me. There's also a few tendrils in regress:
Index: ssl/ssltest.c
===================================================================
RCS file: /home/cvsync/openbsd/src/regress/lib/libssl/ssl/ssltest.c,v
retrieving revision 1.2
diff -u -p -r1.2 ssltest.c
--- ssl/ssltest.c 1 Jun 2014 14:47:14 -0000 1.2
+++ ssl/ssltest.c 10 Jun 2014 15:26:54 -0000
@@ -380,31 +380,6 @@ err:
}
}
-#ifdef TLSEXT_TYPE_opaque_prf_input
- struct cb_info_st { void *input;
- size_t len;
- int ret;
-};
-
-struct cb_info_st co1 = { "C", 1, 1 }; /* try to negotiate oqaque PRF input */
-struct cb_info_st co2 = { "C", 1, 2 }; /* insist on oqaque PRF input */
-struct cb_info_st so1 = { "S", 1, 1 }; /* try to negotiate oqaque PRF input */
-struct cb_info_st so2 = { "S", 1, 2 }; /* insist on oqaque PRF input */
-
-int
-opaque_prf_input_cb(SSL *ssl, void *peerinput, size_t len, void *arg_)
-{
- struct cb_info_st *arg = arg_;
-
- if (arg == NULL)
- return 1;
-
- if (!SSL_set_tlsext_opaque_prf_input(ssl, arg->input, arg->len))
- return 0;
- return arg->ret;
-}
-#endif
-
int
main(int argc, char *argv[])
{
@@ -746,13 +721,6 @@ bad:
#endif
SSL_CTX_set_tmp_rsa_callback(s_ctx, tmp_rsa_cb);
-
-#ifdef TLSEXT_TYPE_opaque_prf_input
- SSL_CTX_set_tlsext_opaque_prf_input_callback(c_ctx,
opaque_prf_input_cb);
- SSL_CTX_set_tlsext_opaque_prf_input_callback(s_ctx,
opaque_prf_input_cb);
- SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(c_ctx, &co1); /* or
&co2 or NULL */
- SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(s_ctx, &so1); /* or
&so2 or NULL */
-#endif
if (!SSL_CTX_use_certificate_file(s_ctx, server_cert,
SSL_FILETYPE_PEM)) {
ERR_print_errors(bio_err);
