summaryrefslogtreecommitdiffstats
path: root/ssl
diff options
context:
space:
mode:
authorRichard Levitte <levitte@openssl.org>2016-11-13 22:24:02 +0100
committerRich Salz <rsalz@openssl.org>2016-11-13 22:24:02 +0100
commite72040c1dcd61d6669762a60924b8fa3a48c37fc (patch)
tree705018484273d9b97682a1748bcf9518aaf41ee7 /ssl
parentFixed deadlock in CRYPTO_THREAD_run_once for Windows (diff)
downloadopenssl-e72040c1dcd61d6669762a60924b8fa3a48c37fc.tar.xz
openssl-e72040c1dcd61d6669762a60924b8fa3a48c37fc.zip
Remove heartbeat support
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1669)
Diffstat (limited to 'ssl')
-rw-r--r--ssl/d1_lib.c168
-rw-r--r--ssl/record/rec_layer_d1.c15
-rw-r--r--ssl/s3_lib.c15
-rw-r--r--ssl/ssl_locl.h25
-rw-r--r--ssl/ssl_utst.c4
-rw-r--r--ssl/statem/statem.c14
-rw-r--r--ssl/statem/statem_dtls.c5
-rw-r--r--ssl/t1_ext.c1
-rw-r--r--ssl/t1_lib.c100
-rw-r--r--ssl/t1_trce.c33
10 files changed, 2 insertions, 378 deletions
diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index ffc63222b1..20970c3f02 100644
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -378,12 +378,6 @@ int dtls1_handle_timeout(SSL *s)
if (s->d1->timeout.read_timeouts > DTLS1_TMO_READ_COUNT) {
s->d1->timeout.read_timeouts = 1;
}
-#ifndef OPENSSL_NO_HEARTBEATS
- if (s->tlsext_hb_pending) {
- s->tlsext_hb_pending = 0;
- return dtls1_heartbeat(s);
- }
-#endif
dtls1_start_timer(s);
return dtls1_retransmit_buffered_messages(s);
@@ -859,168 +853,6 @@ static int dtls1_handshake_write(SSL *s)
return dtls1_do_write(s, SSL3_RT_HANDSHAKE);
}
-#ifndef OPENSSL_NO_HEARTBEATS
-
-# define HEARTBEAT_SIZE(payload, padding) ( \
- 1 /* heartbeat type */ + \
- 2 /* heartbeat length */ + \
- (payload) + (padding))
-
-# define HEARTBEAT_SIZE_STD(payload) HEARTBEAT_SIZE(payload, 16)
-
-int dtls1_process_heartbeat(SSL *s, unsigned char *p, size_t length)
-{
- unsigned char *pl;
- unsigned short hbtype;
- unsigned int payload;
- unsigned int padding = 16; /* Use minimum padding */
- size_t written;
-
- if (s->msg_callback)
- s->msg_callback(0, s->version, DTLS1_RT_HEARTBEAT,
- p, length, s, s->msg_callback_arg);
-
- /* Read type and payload length */
- if (HEARTBEAT_SIZE_STD(0) > length)
- return 0; /* silently discard */
- if (length > SSL3_RT_MAX_PLAIN_LENGTH)
- return 0; /* silently discard per RFC 6520 sec. 4 */
-
- hbtype = *p++;
- n2s(p, payload);
- if (HEARTBEAT_SIZE_STD(payload) > length)
- return 0; /* silently discard per RFC 6520 sec. 4 */
- pl = p;
-
- if (hbtype == TLS1_HB_REQUEST) {
- unsigned char *buffer, *bp;
- size_t write_length = HEARTBEAT_SIZE(payload, padding);
- int r;
-
- if (write_length > SSL3_RT_MAX_PLAIN_LENGTH)
- return 0;
-
- /* Allocate memory for the response. */
- buffer = OPENSSL_malloc(write_length);
- if (buffer == NULL)
- return -1;
- bp = buffer;
-
- /* Enter response type, length and copy payload */
- *bp++ = TLS1_HB_RESPONSE;
- s2n(payload, bp);
- memcpy(bp, pl, payload);
- bp += payload;
- /* Random padding */
- if (RAND_bytes(bp, padding) <= 0) {
- OPENSSL_free(buffer);
- return -1;
- }
-
- r = dtls1_write_bytes(s, DTLS1_RT_HEARTBEAT, buffer, write_length,
- &written);
-
- if (r > 0 && s->msg_callback)
- s->msg_callback(1, s->version, DTLS1_RT_HEARTBEAT,
- buffer, write_length, s, s->msg_callback_arg);
-
- OPENSSL_free(buffer);
-
- if (r <= 0)
- return -1;
- } else if (hbtype == TLS1_HB_RESPONSE) {
- unsigned int seq;
-
- /*
- * We only send sequence numbers (2 bytes unsigned int), and 16
- * random bytes, so we just try to read the sequence number
- */
- n2s(pl, seq);
-
- if (payload == 18 && seq == s->tlsext_hb_seq) {
- dtls1_stop_timer(s);
- s->tlsext_hb_seq++;
- s->tlsext_hb_pending = 0;
- }
- }
-
- return 0;
-}
-
-int dtls1_heartbeat(SSL *s)
-{
- unsigned char *buf, *p;
- int ret = -1;
- size_t payload = 18; /* Sequence number + random bytes */
- size_t padding = 16; /* Use minimum padding */
- size_t size, written;
-
- /* Only send if peer supports and accepts HB requests... */
- if (!(s->tlsext_heartbeat & SSL_DTLSEXT_HB_ENABLED) ||
- s->tlsext_heartbeat & SSL_DTLSEXT_HB_DONT_SEND_REQUESTS) {
- SSLerr(SSL_F_DTLS1_HEARTBEAT, SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT);
- return -1;
- }
-
- /* ...and there is none in flight yet... */
- if (s->tlsext_hb_pending) {
- SSLerr(SSL_F_DTLS1_HEARTBEAT, SSL_R_TLS_HEARTBEAT_PENDING);
- return -1;
- }
-
- /* ...and no handshake in progress. */
- if (SSL_in_init(s) || ossl_statem_get_in_handshake(s)) {
- SSLerr(SSL_F_DTLS1_HEARTBEAT, SSL_R_UNEXPECTED_MESSAGE);
- return -1;
- }
-
- /*-
- * Create HeartBeat message, we just use a sequence number
- * as payload to distinguish different messages and add
- * some random stuff.
- */
- size = HEARTBEAT_SIZE(payload, padding);
- buf = OPENSSL_malloc(size);
- if (buf == NULL) {
- SSLerr(SSL_F_DTLS1_HEARTBEAT, ERR_R_MALLOC_FAILURE);
- return -1;
- }
- p = buf;
- /* Message Type */
- *p++ = TLS1_HB_REQUEST;
- /* Payload length (18 bytes here) */
- s2n(payload, p);
- /* Sequence number */
- s2n(s->tlsext_hb_seq, p);
- /* 16 random bytes */
- if (RAND_bytes(p, 16) <= 0) {
- SSLerr(SSL_F_DTLS1_HEARTBEAT, ERR_R_INTERNAL_ERROR);
- goto err;
- }
- p += 16;
- /* Random padding */
- if (RAND_bytes(p, padding) <= 0) {
- SSLerr(SSL_F_DTLS1_HEARTBEAT, ERR_R_INTERNAL_ERROR);
- goto err;
- }
-
- ret = dtls1_write_bytes(s, DTLS1_RT_HEARTBEAT, buf, size, &written);
- if (ret > 0) {
- if (s->msg_callback)
- s->msg_callback(1, s->version, DTLS1_RT_HEARTBEAT,
- buf, size, s, s->msg_callback_arg);
-
- dtls1_start_timer(s);
- s->tlsext_hb_pending = 1;
- }
-
- err:
- OPENSSL_free(buf);
-
- return ret;
-}
-#endif
-
int dtls1_shutdown(SSL *s)
{
int ret;
diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c
index d2bb678323..5d971fb31b 100644
--- a/ssl/record/rec_layer_d1.c
+++ b/ssl/record/rec_layer_d1.c
@@ -575,21 +575,6 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
dest = s->rlayer.d->alert_fragment;
dest_len = &s->rlayer.d->alert_fragment_len;
}
-#ifndef OPENSSL_NO_HEARTBEATS
- else if (SSL3_RECORD_get_type(rr) == DTLS1_RT_HEARTBEAT) {
- /* We allow a 0 return */
- if (dtls1_process_heartbeat(s, SSL3_RECORD_get_data(rr),
- SSL3_RECORD_get_length(rr)) < 0) {
- return -1;
- }
- /* Exit and notify application to read again */
- SSL3_RECORD_set_length(rr, 0);
- s->rwstate = SSL_READING;
- BIO_clear_retry_flags(SSL_get_rbio(s));
- BIO_set_retry_read(SSL_get_rbio(s));
- return -1;
- }
-#endif
/* else it's a CCS message, or application data or wrong */
else if (SSL3_RECORD_get_type(rr) != SSL3_RT_CHANGE_CIPHER_SPEC) {
/*
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index dad43753dd..2439167307 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3049,23 +3049,8 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
#ifndef OPENSSL_NO_HEARTBEATS
case SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT:
- if (SSL_IS_DTLS(s))
- ret = dtls1_heartbeat(s);
- break;
-
case SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING:
- if (SSL_IS_DTLS(s))
- ret = s->tlsext_hb_pending;
- break;
-
case SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS:
- if (SSL_IS_DTLS(s)) {
- if (larg)
- s->tlsext_heartbeat |= SSL_DTLSEXT_HB_DONT_RECV_REQUESTS;
- else
- s->tlsext_heartbeat &= ~SSL_DTLSEXT_HB_DONT_RECV_REQUESTS;
- ret = 1;
- }
break;
#endif
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index dbe8813acf..105a487c7e 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -1107,17 +1107,6 @@ struct ssl_st {
STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;
/* What's been chosen */
SRTP_PROTECTION_PROFILE *srtp_profile;
- /*-
- * Is use of the Heartbeat extension negotiated?
- * 0: disabled
- * 1: enabled
- * 2: enabled, but not allowed to send Requests
- */
- unsigned int tlsext_heartbeat;
- /* Indicates if a HeartbeatRequest is in flight */
- unsigned int tlsext_hb_pending;
- /* HeartbeatRequest sequence number */
- unsigned int tlsext_hb_seq;
/*
* For a client, this contains the list of supported protocols in wire
* format.
@@ -1404,7 +1393,7 @@ typedef struct dtls1_state_st {
struct hm_header_st r_msg_hdr;
struct dtls1_timeout_st timeout;
/*
- * Indicates when the last handshake msg or heartbeat sent will timeout
+ * Indicates when the last handshake msg sent will timeout
*/
struct timeval next_timeout;
/* Timeout duration */
@@ -1813,10 +1802,6 @@ const SSL_METHOD *func_name(void) \
struct openssl_ssl_test_functions {
int (*p_ssl_init_wbio_buffer) (SSL *s);
int (*p_ssl3_setup_buffers) (SSL *s);
-# ifndef OPENSSL_NO_HEARTBEATS
- int (*p_dtls1_process_heartbeat) (SSL *s,
- unsigned char *p, unsigned int length);
-# endif
};
const char *ssl_protocol_to_string(int version);
@@ -2074,13 +2059,6 @@ __owur int ssl_check_clienthello_tlsext_late(SSL *s, int *al);
__owur int ssl_parse_serverhello_tlsext(SSL *s, PACKET *pkt);
__owur int ssl_prepare_clienthello_tlsext(SSL *s);
__owur int ssl_prepare_serverhello_tlsext(SSL *s);
-
-# ifndef OPENSSL_NO_HEARTBEATS
-__owur int dtls1_heartbeat(SSL *s);
-__owur int dtls1_process_heartbeat(SSL *s, unsigned char *p,
- size_t length);
-# endif
-
__owur RAW_EXTENSION *tls_get_extension_by_type(RAW_EXTENSION *exts,
size_t numexts,
unsigned int type);
@@ -2178,7 +2156,6 @@ void ssl_comp_free_compression_methods_int(void);
# define ssl_init_wbio_buffer SSL_test_functions()->p_ssl_init_wbio_buffer
# define ssl3_setup_buffers SSL_test_functions()->p_ssl3_setup_buffers
-# define dtls1_process_heartbeat SSL_test_functions()->p_dtls1_process_heartbeat
# endif
#endif
diff --git a/ssl/ssl_utst.c b/ssl/ssl_utst.c
index 09e76d14a7..cea1bc2707 100644
--- a/ssl/ssl_utst.c
+++ b/ssl/ssl_utst.c
@@ -14,10 +14,6 @@
static const struct openssl_ssl_test_functions ssl_test_functions = {
ssl_init_wbio_buffer,
ssl3_setup_buffers,
-# ifndef OPENSSL_NO_HEARTBEATS
-# undef dtls1_process_heartbeat
- dtls1_process_heartbeat
-# endif
};
const struct openssl_ssl_test_functions *SSL_test_functions(void)
diff --git a/ssl/statem/statem.c b/ssl/statem/statem.c
index 901a3f2c49..a1da2a4418 100644
--- a/ssl/statem/statem.c
+++ b/ssl/statem/statem.c
@@ -251,20 +251,6 @@ static int state_machine(SSL *s, int server)
}
#endif
-#ifndef OPENSSL_NO_HEARTBEATS
- /*
- * If we're awaiting a HeartbeatResponse, pretend we already got and
- * don't await it anymore, because Heartbeats don't make sense during
- * handshakes anyway.
- */
- if (s->tlsext_hb_pending) {
- if (SSL_IS_DTLS(s))
- dtls1_stop_timer(s);
- s->tlsext_hb_pending = 0;
- s->tlsext_hb_seq++;
- }
-#endif
-
/* Initialise state machine */
if (st->state == MSG_FLOW_RENEGOTIATE) {
diff --git a/ssl/statem/statem_dtls.c b/ssl/statem/statem_dtls.c
index 52e62a4273..08937f518b 100644
--- a/ssl/statem/statem_dtls.c
+++ b/ssl/statem/statem_dtls.c
@@ -919,13 +919,8 @@ int dtls1_read_failed(SSL *s, int code)
*/
return code;
}
-#ifndef OPENSSL_NO_HEARTBEATS
- /* done, no need to send a retransmit */
- if (!SSL_in_init(s) && !s->tlsext_hb_pending)
-#else
/* done, no need to send a retransmit */
if (!SSL_in_init(s))
-#endif
{
BIO_set_flags(SSL_get_rbio(s), BIO_FLAGS_READ);
return code;
diff --git a/ssl/t1_ext.c b/ssl/t1_ext.c
index bbec1359ca..ae6e978595 100644
--- a/ssl/t1_ext.c
+++ b/ssl/t1_ext.c
@@ -243,7 +243,6 @@ int SSL_extension_supported(unsigned int ext_type)
case TLSEXT_TYPE_application_layer_protocol_negotiation:
case TLSEXT_TYPE_ec_point_formats:
case TLSEXT_TYPE_supported_groups:
- case TLSEXT_TYPE_heartbeat:
#ifndef OPENSSL_NO_NEXTPROTONEG
case TLSEXT_TYPE_next_proto_neg:
#endif
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index a7aa955223..338334fe71 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1254,30 +1254,6 @@ int ssl_add_clienthello_tlsext(SSL *s, WPACKET *pkt, int *al)
}
}
#endif
-#ifndef OPENSSL_NO_HEARTBEATS
- if (SSL_IS_DTLS(s)) {
- unsigned int mode;
-
- /*-
- * Set mode:
- * 1: peer may send requests
- * 2: peer not allowed to send requests
- */
- if (s->tlsext_heartbeat & SSL_DTLSEXT_HB_DONT_RECV_REQUESTS)
- mode = SSL_DTLSEXT_HB_DONT_SEND_REQUESTS;
- else
- mode = SSL_DTLSEXT_HB_ENABLED;
-
- if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_heartbeat)
- /* Sub-packet for Hearbeat extension */
- || !WPACKET_start_sub_packet_u16(pkt)
- || !WPACKET_put_bytes_u8(pkt, mode)
- || !WPACKET_close(pkt)) {
- SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
- return 0;
- }
- }
-#endif
#ifndef OPENSSL_NO_NEXTPROTONEG
if (s->ctx->next_proto_select_cb && !s->s3->tmp.finish_md_len) {
@@ -1555,30 +1531,6 @@ int ssl_add_serverhello_tlsext(SSL *s, WPACKET *pkt, int *al)
return 0;
}
}
-#ifndef OPENSSL_NO_HEARTBEATS
- /* Add Heartbeat extension if we've received one */
- if (SSL_IS_DTLS(s) && (s->tlsext_heartbeat & SSL_DTLSEXT_HB_ENABLED)) {
- unsigned int mode;
- /*-
- * Set mode:
- * 1: peer may send requests
- * 2: peer not allowed to send requests
- */
- if (s->tlsext_heartbeat & SSL_DTLSEXT_HB_DONT_RECV_REQUESTS)
- mode = SSL_DTLSEXT_HB_DONT_SEND_REQUESTS;
- else
- mode = SSL_DTLSEXT_HB_ENABLED;
-
- if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_heartbeat)
- || !WPACKET_start_sub_packet_u16(pkt)
- || !WPACKET_put_bytes_u8(pkt, mode)
- || !WPACKET_close(pkt)) {
- SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
- return 0;
- }
-
- }
-#endif
#ifndef OPENSSL_NO_NEXTPROTONEG
next_proto_neg_seen = s->s3->next_proto_neg_seen;
@@ -1821,10 +1773,6 @@ static int ssl_scan_clienthello_tlsext(SSL *s, CLIENTHELLO_MSG *hello, int *al)
OPENSSL_free(s->s3->alpn_proposed);
s->s3->alpn_proposed = NULL;
s->s3->alpn_proposed_len = 0;
-#ifndef OPENSSL_NO_HEARTBEATS
- s->tlsext_heartbeat &= ~(SSL_DTLSEXT_HB_ENABLED |
- SSL_DTLSEXT_HB_DONT_SEND_REQUESTS);
-#endif
#ifndef OPENSSL_NO_EC
if (s->options & SSL_OP_SAFARI_ECDHE_ECDSA_BUG)
@@ -2116,29 +2064,6 @@ static int ssl_scan_clienthello_tlsext(SSL *s, CLIENTHELLO_MSG *hello, int *al)
s->tlsext_status_type = -1;
}
}
-#ifndef OPENSSL_NO_HEARTBEATS
- else if (SSL_IS_DTLS(s) && currext->type == TLSEXT_TYPE_heartbeat) {
- unsigned int hbtype;
-
- if (!PACKET_get_1(&currext->data, &hbtype)
- || PACKET_remaining(&currext->data)) {
- *al = SSL_AD_DECODE_ERROR;
- return 0;
- }
- switch (hbtype) {
- case 0x01: /* Client allows us to send HB requests */
- s->tlsext_heartbeat |= SSL_DTLSEXT_HB_ENABLED;
- break;
- case 0x02: /* Client doesn't accept HB requests */
- s->tlsext_heartbeat |= SSL_DTLSEXT_HB_ENABLED;
- s->tlsext_heartbeat |= SSL_DTLSEXT_HB_DONT_SEND_REQUESTS;
- break;
- default:
- *al = SSL_AD_ILLEGAL_PARAMETER;
- return 0;
- }
- }
-#endif
#ifndef OPENSSL_NO_NEXTPROTONEG
else if (currext->type == TLSEXT_TYPE_next_proto_neg
&& s->s3->tmp.finish_md_len == 0) {
@@ -2270,10 +2195,6 @@ static int ssl_scan_serverhello_tlsext(SSL *s, PACKET *pkt, int *al)
OPENSSL_free(s->s3->alpn_selected);
s->s3->alpn_selected = NULL;
-#ifndef OPENSSL_NO_HEARTBEATS
- s->tlsext_heartbeat &= ~(SSL_DTLSEXT_HB_ENABLED |
- SSL_DTLSEXT_HB_DONT_SEND_REQUESTS);
-#endif
s->s3->flags &= ~TLS1_FLAGS_ENCRYPT_THEN_MAC;
@@ -2463,27 +2384,6 @@ static int ssl_scan_serverhello_tlsext(SSL *s, PACKET *pkt, int *al)
}
s->s3->alpn_selected_len = len;
}
-#ifndef OPENSSL_NO_HEARTBEATS
- else if (SSL_IS_DTLS(s) && type == TLSEXT_TYPE_heartbeat) {
- unsigned int hbtype;
- if (!PACKET_get_1(&spkt, &hbtype)) {
- *al = SSL_AD_DECODE_ERROR;
- return 0;
- }
- switch (hbtype) {
- case 0x01: /* Server allows us to send HB requests */
- s->tlsext_heartbeat |= SSL_DTLSEXT_HB_ENABLED;
- break;
- case 0x02: /* Server doesn't accept HB requests */
- s->tlsext_heartbeat |= SSL_DTLSEXT_HB_ENABLED;
- s->tlsext_heartbeat |= SSL_DTLSEXT_HB_DONT_SEND_REQUESTS;
- break;
- default:
- *al = SSL_AD_ILLEGAL_PARAMETER;
- return 0;
- }
- }
-#endif
#ifndef OPENSSL_NO_SRTP
else if (SSL_IS_DTLS(s) && type == TLSEXT_TYPE_use_srtp) {
if (ssl_parse_serverhello_use_srtp_ext(s, &spkt, al))
diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c
index 52c72b2450..2e94c65bdf 100644
--- a/ssl/t1_trce.c
+++ b/ssl/t1_trce.c
@@ -74,7 +74,6 @@ static ssl_trace_tbl ssl_content_tbl[] = {
{SSL3_RT_ALERT, "Alert"},
{SSL3_RT_HANDSHAKE, "Handshake"},
{SSL3_RT_APPLICATION_DATA, "ApplicationData"},
- {DTLS1_RT_HEARTBEAT, "HeartBeat"}
};
/* Handshake types */
@@ -453,7 +452,6 @@ static ssl_trace_tbl ssl_exts_tbl[] = {
{TLSEXT_TYPE_srp, "srp"},
{TLSEXT_TYPE_signature_algorithms, "signature_algorithms"},
{TLSEXT_TYPE_use_srtp, "use_srtp"},
- {TLSEXT_TYPE_heartbeat, "heartbeat"},
{TLSEXT_TYPE_session_ticket, "session_ticket"},
{TLSEXT_TYPE_supported_versions, "supported_versions"},
{TLSEXT_TYPE_renegotiate, "renegotiate"},
@@ -534,11 +532,6 @@ static ssl_trace_tbl ssl_hb_tbl[] = {
{2, "peer_not_allowed_to_send"}
};
-static ssl_trace_tbl ssl_hb_type_tbl[] = {
- {1, "heartbeat_request"},
- {2, "heartbeat_response"}
-};
-
static ssl_trace_tbl ssl_ctype_tbl[] = {
{1, "rsa_sign"},
{2, "dss_sign"},
@@ -718,12 +711,7 @@ static int ssl_print_extension(BIO *bio, int indent, int server, int extype,
break;
case TLSEXT_TYPE_heartbeat:
- if (extlen != 1)
- return 0;
- BIO_indent(bio, indent + 2, 80);
- BIO_printf(bio, "HeartbeatMode: %s\n",
- ssl_trace_str(ext[0], ssl_hb_tbl));
- break;
+ return 0;
case TLSEXT_TYPE_session_ticket:
if (extlen != 0)
@@ -1270,22 +1258,6 @@ static int ssl_print_handshake(BIO *bio, SSL *ssl,
return 1;
}
-static int ssl_print_heartbeat(BIO *bio, int indent,
- const unsigned char *msg, size_t msglen)
-{
- if (msglen < 3)
- return 0;
- BIO_indent(bio, indent, 80);
- BIO_printf(bio, "HeartBeatMessageType: %s\n",
- ssl_trace_str(msg[0], ssl_hb_type_tbl));
- msg++;
- msglen--;
- if (!ssl_print_hexbuf(bio, indent, "payload", 2, &msg, &msglen))
- return 0;
- ssl_print_hex(bio, indent, "padding", msg, msglen);
- return 1;
-}
-
const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c)
{
return ssl_trace_str(c->id & 0xFFFF, ssl_ciphers_tbl);
@@ -1343,9 +1315,6 @@ void SSL_trace(int write_p, int version, int content_type,
SSL_alert_type_string_long(msg[0] << 8),
msg[0], SSL_alert_desc_string_long(msg[1]), msg[1]);
}
- case DTLS1_RT_HEARTBEAT:
- ssl_print_heartbeat(bio, 4, msg, msglen);
- break;
}
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-02 09:46:14 +0100