From 2c55a0bc93bf578757ec5c85bdb3abe9cf3f4893 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Fri, 15 May 2015 10:55:10 +0100
Subject: [PATCH] Add CHANGES entry for OPENSSL_NO_TLSEXT removal
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
---
CHANGES | 5 +++++
makevms.com | 3 ---
ssl/ssl_cert.c | 1 -
3 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/CHANGES b/CHANGES
index 397ff2c6e1..e1e0721601 100644
--- a/CHANGES
+++ b/CHANGES
@@ -3,6 +3,11 @@
_______________
Changes between 1.0.2 and 1.1.0 [xx XXX xxxx]
+ *) Given the pervasive nature of TLS extensions it is inadvisable to run
+ OpenSSL without support for them. It also means that maintaining
+ the OPENSSL_NO_TLSEXT option within the code is very invasive (and probably
+ not well tested). Therefore the OPENSSL_NO_TLSEXT option has been removed.
+ [Matt Caswell]
*) Version negotiation has been rewritten. In particular SSLv23_method(),
SSLv23_client_method() and SSLv23_server_method() have been deprecated,
diff --git a/makevms.com b/makevms.com
index 37efdc8041..c1c3060b67 100755
--- a/makevms.com
+++ b/makevms.com
@@ -304,7 +304,6 @@ $ CONFIG_LOGICALS := AES,-
STATIC_ENGINE,-
STDIO,-
STORE,-
- TLSEXT,-
UNIT_TEST,-
WHIRLPOOL
$ CONFIG_EXPERIMENTAL := JPAKE,-
@@ -332,11 +331,9 @@ $ CONFIG_DISABLE_RULES := RIJNDAEL/AES;-
SHA/SSL3,TLS1;-
RSA,DSA/SSL3,TLS1;-
DH/SSL3,TLS1;-
- TLS1/TLSEXT;-
EC/GOST;-
DSA/GOST;-
DH/GOST;-
- TLSEXT/SRP,HEARTBEAT;-
/STATIC_ENGINE;-
/DEPRECATED;-
/EC_NISTP_64_GCC_128;-
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index ab138ec491..6b39e25813 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -265,7 +265,6 @@ CERT *ssl_cert_dup(CERT *cert)
goto err;
}
}
- rpk->valid_flags = 0;
if (cert->pkeys[i].serverinfo != NULL) {
/* Just copy everything. */
ret->pkeys[i].serverinfo =