summaryrefslogtreecommitdiffstats
path: root/ssl
diff options
context:
space:
mode:
authorRichard Levitte <levitte@openssl.org>2016-11-15 14:55:40 +0100
committerRichard Levitte <levitte@openssl.org>2019-03-29 13:50:59 +0100
commit558ea84743918f7a93bfbfc259f86ad1fa4c8de9 (patch)
tree16690b411af8e6456852f57d41b0aff86a4ecf16 /ssl
parentWindows, VMS: build fixes (diff)
downloadopenssl-558ea84743918f7a93bfbfc259f86ad1fa4c8de9.tar.xz
openssl-558ea84743918f7a93bfbfc259f86ad1fa4c8de9.zip
Remove heartbeats completely
Fixes #4856 Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1928)
Diffstat (limited to 'ssl')
-rw-r--r--ssl/record/rec_layer_s3.c6
-rw-r--r--ssl/s3_lib.c7
-rw-r--r--ssl/ssl_err.c5
-rw-r--r--ssl/t1_trce.c4
4 files changed, 3 insertions, 19 deletions
diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
index feca76eb3f..b21227765a 100644
--- a/ssl/record/rec_layer_s3.c
+++ b/ssl/record/rec_layer_s3.c
@@ -1508,9 +1508,9 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
&& (s->server || rr->type != SSL3_RT_ALERT)) {
/*
* If we've got this far and still haven't decided on what version
- * we're using then this must be a client side alert we're dealing with
- * (we don't allow heartbeats yet). We shouldn't be receiving anything
- * other than a ClientHello if we are a server.
+ * we're using then this must be a client side alert we're dealing
+ * with. We shouldn't be receiving anything other than a ClientHello
+ * if we are a server.
*/
s->version = rr->rec_version;
SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES,
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index a3639fd18c..330b9e3f0c 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3547,13 +3547,6 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
ret = 1;
break;
-#ifndef OPENSSL_NO_HEARTBEATS
- case SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT:
- case SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING:
- case SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS:
- break;
-#endif
-
case SSL_CTRL_CHAIN:
if (larg)
return ssl_cert_set1_chain(s, NULL, (STACK_OF(X509) *)parg);
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index ceae87bbc9..afe1b58214 100644
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -48,7 +48,6 @@ static const ERR_STRING_DATA SSL_str_functs[] = {
"dtls1_buffer_record"},
{ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS1_CHECK_TIMEOUT_NUM, 0),
"dtls1_check_timeout_num"},
- {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS1_HEARTBEAT, 0), ""},
{ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS1_HM_FRAGMENT_NEW, 0),
"dtls1_hm_fragment_new"},
{ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS1_PREPROCESS_FRAGMENT, 0),
@@ -1179,10 +1178,6 @@ static const ERR_STRING_DATA SSL_str_reasons[] = {
"tlsv1 unrecognized name"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_UNSUPPORTED_EXTENSION),
"tlsv1 unsupported extension"},
- {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT),
- "peer does not accept heartbeats"},
- {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_HEARTBEAT_PENDING),
- "heartbeat request already pending"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_ILLEGAL_EXPORTER_LABEL),
"tls illegal exporter label"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST),
diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c
index 656fefe896..9368baf1e7 100644
--- a/ssl/t1_trce.c
+++ b/ssl/t1_trce.c
@@ -468,7 +468,6 @@ static const ssl_trace_tbl ssl_exts_tbl[] = {
{TLSEXT_TYPE_srp, "srp"},
{TLSEXT_TYPE_signature_algorithms, "signature_algorithms"},
{TLSEXT_TYPE_use_srtp, "use_srtp"},
- {TLSEXT_TYPE_heartbeat, "tls_heartbeat"},
{TLSEXT_TYPE_application_layer_protocol_negotiation,
"application_layer_protocol_negotiation"},
{TLSEXT_TYPE_signed_certificate_timestamp, "signed_certificate_timestamps"},
@@ -783,9 +782,6 @@ static int ssl_print_extension(BIO *bio, int indent, int server,
}
break;
- case TLSEXT_TYPE_heartbeat:
- return 0;
-
case TLSEXT_TYPE_session_ticket:
if (extlen != 0)
ssl_print_hex(bio, indent + 4, "ticket", ext, extlen);