summaryrefslogtreecommitdiff
path: root/app/openssl/ssl/s3_lib.c
diff options
context:
space:
mode:
authorParménides GV <parmegv@sdf.org>2014-10-02 18:07:56 +0200
committerParménides GV <parmegv@sdf.org>2014-10-02 18:07:56 +0200
commit914c5156b014970dde717b9a27c0c69f11cc7d98 (patch)
treecb15666fb01b0f0410327ae7aaa23df444ac3b4c /app/openssl/ssl/s3_lib.c
parent22b7ee4614a2f47d55496de8a9b55040c0f4ba85 (diff)
Binaries from r885 of ics-openvpn, ndk10b 32 bits.
We don't support 64 bits targets because of https://code.google.com/p/android/issues/detail?id=77004&thanks=77004&ts=1412248443.
Diffstat (limited to 'app/openssl/ssl/s3_lib.c')
-rw-r--r--app/openssl/ssl/s3_lib.c31
1 files changed, 14 insertions, 17 deletions
diff --git a/app/openssl/ssl/s3_lib.c b/app/openssl/ssl/s3_lib.c
index f84da7f5..896d1e19 100644
--- a/app/openssl/ssl/s3_lib.c
+++ b/app/openssl/ssl/s3_lib.c
@@ -2828,35 +2828,34 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
#ifndef OPENSSL_NO_PSK
/* ECDH PSK ciphersuites from RFC 5489 */
-
- /* Cipher C037 */
+ /* Cipher C035 */
{
1,
- TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
- TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
+ TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
+ TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
SSL_kEECDH,
SSL_aPSK,
SSL_AES128,
- SSL_SHA256,
+ SSL_SHA1,
SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF_SHA256,
+ SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
128,
128,
},
- /* Cipher C038 */
+ /* Cipher C036 */
{
1,
- TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
- TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
+ TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,
+ TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,
SSL_kEECDH,
SSL_aPSK,
SSL_AES256,
- SSL_SHA384,
+ SSL_SHA1,
SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF_SHA384,
+ SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
256,
256,
},
@@ -3412,8 +3411,6 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
break;
#endif
case SSL_CTRL_CHANNEL_ID:
- if (!s->server)
- break;
s->tlsext_channel_id_enabled = 1;
ret = 1;
break;
@@ -3429,7 +3426,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
}
if (s->tlsext_channel_id_private)
EVP_PKEY_free(s->tlsext_channel_id_private);
- s->tlsext_channel_id_private = (EVP_PKEY*) parg;
+ s->tlsext_channel_id_private = EVP_PKEY_dup((EVP_PKEY*) parg);
ret = 1;
break;
@@ -3744,7 +3741,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
}
if (ctx->tlsext_channel_id_private)
EVP_PKEY_free(ctx->tlsext_channel_id_private);
- ctx->tlsext_channel_id_private = (EVP_PKEY*) parg;
+ ctx->tlsext_channel_id_private = EVP_PKEY_dup((EVP_PKEY*) parg);
break;
default: