Skip to content
  • Matt Caswell's avatar
    Remove support for SSL3_FLAGS_DELAY_CLIENT_FINISHED · 57787ac8
    Matt Caswell authored
    
    
    This flag was not set anywhere within the codebase (only read). It could
    only be set by an app reaching directly into s->s3->flags and setting it
    directly. However that method became impossible when libssl was opaquified.
    
    Even in 1.0.2/1.0.1 if an app set the flag directly it is only relevant to
    ssl3_connect(), which calls SSL_clear() during initialisation that clears
    any flag settings. Therefore it could take effect if the app set the flag
    after the handshake has started but before it completed. It seems quite
    unlikely that any apps really do this (especially as it is completely
    undocumented).
    
    The purpose of the flag is suppress flushing of the write bio on the client
    side at the end of the handshake after the client has written the Finished
    message whilst resuming a session. This enables the client to send
    application data as part of the same flight as the Finished message.
    
    This flag also controls the setting of a second flag SSL3_FLAGS_POP_BUFFER.
    There is an interesting comment in the code about this second flag in the
    implementation of ssl3_write:
    
    	/* This is an experimental flag that sends the
    	 * last handshake message in the same packet as the first
    	 * use data - used to see if it helps the TCP protocol during
    	 * session-id reuse */
    
    It seems the experiment did not work because as far as I can tell nothing
    is using this code. The above comment has been in the code since SSLeay.
    
    This commit removes support for SSL3_FLAGS_DELAY_CLIENT_FINISHED, as well
    as the associated SSL3_FLAGS_POP_BUFFER.
    
    Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
    57787ac8
To find the state of this project's repository at the time of any of these versions, check out the tags.