diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2016-05-14 10:28:49 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2016-05-14 10:35:38 +0200 |
commit | 89faab9e9e9123f39e8c0c6f8da1f67de423254a (patch) | |
tree | e9c1a3256d1b0cfa46ac094976435fec87586603 /lib/tls-sig.c | |
parent | d5611fdb2d89d32ac4f217058e5b70f61407b907 (diff) | |
download | gnutls-89faab9e9e9123f39e8c0c6f8da1f67de423254a.tar.gz |
Allow for conditional compilation of SSL 3.0 protocol
This allows to completely remove SSL 3.0 support by calling configure
with the '--disable-ssl3' option.
Resolves #93
Diffstat (limited to 'lib/tls-sig.c')
-rw-r--r-- | lib/tls-sig.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/lib/tls-sig.c b/lib/tls-sig.c index f5f470afb9..492188a12f 100644 --- a/lib/tls-sig.c +++ b/lib/tls-sig.c @@ -469,6 +469,7 @@ _gnutls_handshake_verify_crt_vrfy(gnutls_session_t session, session->internals.handshake_hash_buffer.data, session->internals.handshake_hash_buffer_prev_len); +#ifdef ENABLE_SSL3 if (ver->id == GNUTLS_SSL3) { ret = _gnutls_generate_master(session, 1); if (ret < 0) { @@ -495,9 +496,12 @@ _gnutls_handshake_verify_crt_vrfy(gnutls_session_t session, return gnutls_assert_val(ret); } } else { +#endif _gnutls_hash_deinit(&td_md5, concat); _gnutls_hash_deinit(&td_sha, &concat[16]); +#ifdef ENABLE_SSL3 } +#endif dconcat.data = concat; dconcat.size = 20 + 16; /* md5+ sha */ @@ -610,6 +614,7 @@ _gnutls_handshake_sign_crt_vrfy(gnutls_session_t session, session->internals.handshake_hash_buffer.data, session->internals.handshake_hash_buffer.length); +#ifdef ENABLE_SSL3 if (ver->id == GNUTLS_SSL3) { ret = _gnutls_generate_master(session, 1); if (ret < 0) { @@ -626,6 +631,7 @@ _gnutls_handshake_sign_crt_vrfy(gnutls_session_t session, if (ret < 0) return gnutls_assert_val(ret); } else +#endif _gnutls_hash_deinit(&td_sha, &concat[16]); /* ensure 1024 bit DSA keys are used */ @@ -648,6 +654,7 @@ _gnutls_handshake_sign_crt_vrfy(gnutls_session_t session, session->internals.handshake_hash_buffer. length); +#ifdef ENABLE_SSL3 if (ver->id == GNUTLS_SSL3) { ret = _gnutls_mac_deinit_ssl3_handshake(&td_md5, @@ -658,6 +665,7 @@ _gnutls_handshake_sign_crt_vrfy(gnutls_session_t session, if (ret < 0) return gnutls_assert_val(ret); } else +#endif _gnutls_hash_deinit(&td_md5, concat); dconcat.data = concat; |