diff options
| author | Rich Salz <rsalz@akamai.com> | 2021-05-06 12:56:35 -0400 |
|---|---|---|
| committer | Tomas Mraz <tomas@openssl.org> | 2021-05-17 10:53:30 +0200 |
| commit | 55373bfd419ca010a15aac18c88c94827e2f3a92 (patch) | |
| tree | 803860f6eae08da5688ae7c4b68e195e52851a23 /CHANGES.md | |
| parent | d7970dd963134534340ad00fa62cb1180daf5cb0 (diff) | |
| download | openssl-55373bfd419ca010a15aac18c88c94827e2f3a92.zip openssl-55373bfd419ca010a15aac18c88c94827e2f3a92.tar.gz openssl-55373bfd419ca010a15aac18c88c94827e2f3a92.tar.bz2 | |
Add SSL_OP_ALLOW_CLIENT_RENEGOTIATION
Add -client_renegotiation flag support. The -client_renegotiation flag is
equivalent to SSL_OP_ALLOW_CLIENT_RENEGOTIATION. Add support to the app,
the config code, and the documentation.
Add SSL_OP_ALLOW_CLIENT_RENEGOTIATION to the SSL tests. We don't need to
always enable it, but there are so many tests so this is the easiest thing
to do.
Add a test where client tries to renegotiate and it fails as expected. Add
a test where server tries to renegotiate and it succeeds. The second test
is supported by a new flag, -immediate_renegotiation, which is ignored on
the client.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15184)
Diffstat (limited to 'CHANGES.md')
| -rw-r--r-- | CHANGES.md | 6 |
1 files changed, 6 insertions, 0 deletions
@@ -29,6 +29,12 @@ OpenSSL 3.0 * Rich Salz * + * Client-initiated renegotiation is disabled by default. To allow it, use + the -client_renegotiation option, the SSL_OP_ALLOW_CLIENT_RENEGOTIATION + flag, or the "ClientRenegotiation" config parameter as appropriate. + + * Rich Salz * + * Add "abspath" and "includedir" pragma's to config files, to prevent, or modify relative pathname inclusion. |