diff options
author | Ben Noordhuis <info@bnoordhuis.nl> | 2013-05-01 16:21:21 +0200 |
---|---|---|
committer | Ben Noordhuis <info@bnoordhuis.nl> | 2013-05-01 16:45:31 +0200 |
commit | 2cf7e5de6f0af289f231ff499ef1acf731e9f3b1 (patch) | |
tree | e46d0e6f98bf52fe10495c73a933b3267c140afb /deps/openssl/openssl/crypto/x509/by_dir.c | |
parent | dda7b402044a4ecde60baf386cb54997fbd570a1 (diff) | |
download | android-node-v8-2cf7e5de6f0af289f231ff499ef1acf731e9f3b1.tar.gz android-node-v8-2cf7e5de6f0af289f231ff499ef1acf731e9f3b1.tar.bz2 android-node-v8-2cf7e5de6f0af289f231ff499ef1acf731e9f3b1.zip |
Revert "deps: downgrade openssl to v1.0.0f"
After much investigation it turns out that the affected servers are
buggy. user-service.condenastdigital.com:443 in particular seems to
reject large TLS handshake records. Cutting down the number of
advertised ciphers or disabling SNI fixes the issue.
Similarly, passing { secureOptions: constants.SSL_OP_NO_TLSv1_2 }
seems to fix most connection issues with IIS servers.
Having to work around buggy servers is annoying for our users but not
a reason to downgrade OpenSSL. Therefore, revert it.
This reverts commit 4fdb8acdaef4c3cb1d855e992ada0e63fee520a6.
Diffstat (limited to 'deps/openssl/openssl/crypto/x509/by_dir.c')
-rw-r--r-- | deps/openssl/openssl/crypto/x509/by_dir.c | 8 |
1 files changed, 0 insertions, 8 deletions
diff --git a/deps/openssl/openssl/crypto/x509/by_dir.c b/deps/openssl/openssl/crypto/x509/by_dir.c index 03293ac2dc..27ca5150c1 100644 --- a/deps/openssl/openssl/crypto/x509/by_dir.c +++ b/deps/openssl/openssl/crypto/x509/by_dir.c @@ -287,8 +287,6 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, int ok=0; int i,j,k; unsigned long h; - unsigned long hash_array[2]; - int hash_index; BUF_MEM *b=NULL; X509_OBJECT stmp,*tmp; const char *postfix=""; @@ -325,11 +323,6 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, ctx=(BY_DIR *)xl->method_data; h=X509_NAME_hash(name); - hash_array[0]=h; - hash_array[1]=X509_NAME_hash_old(name); - for (hash_index=0; hash_index < 2; hash_index++) - { - h=hash_array[hash_index]; for (i=0; i < sk_BY_DIR_ENTRY_num(ctx->dirs); i++) { BY_DIR_ENTRY *ent; @@ -483,7 +476,6 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, goto finish; } } - } finish: if (b != NULL) BUF_MEM_free(b); return(ok); |