diff options
author | Rainer Jung <rjung@apache.org> | 2016-02-14 11:24:39 +0000 |
---|---|---|
committer | Rainer Jung <rjung@apache.org> | 2016-02-14 11:24:39 +0000 |
commit | e2017967f973e0c418fb85488cd948c955a08d52 (patch) | |
tree | f44ec517871cdc469891a4e4762c8334361e340b /NWGNUmakefile | |
parent | 434a3b97174fe13fc09e230ce4ddfceb75e6d20c (diff) | |
download | httpd-e2017967f973e0c418fb85488cd948c955a08d52.tar.gz |
Support for OpenSSL 1.1.0:
- use SSL_peek instead of looping with
has_buffered_data().
This fixes t/security/CVE-2009-3555.t where
has_buffered_data() doesn't help, because it
finds the buffered data and doesn't call
SSL_read(), so the reneg handshake isn't
triggered. SSL_peek() for 0 bytes seems to
reliably trigger the reneg in every case.
No more polling/sleeping. The code for the
OpenSSL 1.1.0 case is now again very close to
the pre 1.1.0 case.
Still need to run the full test suite with a
clean build.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1730316 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'NWGNUmakefile')
0 files changed, 0 insertions, 0 deletions