)]}' { "commit": "b16346b0ada83c2a7ecddc8aed790ce81b00f993", "tree": "7df1b0686eed659738f2ea88840bfd4aa6ce93e0", "parents": [ "8f64778a3919e4cd94cc7c82b84ee1b2ff5e33af" ], "author": { "name": "David Benjamin", "email": "davidben@chromium.org", "time": "Wed Apr 08 19:16:58 2015 -0400" }, "committer": { "name": "Adam Langley", "email": "agl@google.com", "time": "Mon Apr 13 22:38:58 2015 +0000" }, "message": "Add SSL_set_reject_peer_renegotiations.\n\nThis causes any unexpected handshake records to be met with a fatal\nno_renegotiation alert.\n\nIn addition, restore the redundant version sanity-checks in the handshake state\nmachines. Some code would zero the version field as a hacky way to break the\nhandshake on renego. Those will be removed when switching to this API.\n\nThe spec allows for a non-fatal no_renegotiation alert, but ssl3_read_bytes\nmakes it difficult to find the end of a ClientHello and skip it entirely. Given\nthat OpenSSL goes out of its way to map non-fatal no_renegotiation alerts to\nfatal ones, this seems probably fine. This avoids needing to account for\nanother source of the library consuming an unbounded number of bytes without\nreturning data up.\n\nChange-Id: Ie5050d9c9350c29cfe32d03a3c991bdc1da9e0e4\nReviewed-on: https://boringssl-review.googlesource.com/4300\nReviewed-by: Adam Langley \u003cagl@google.com\u003e\n", "tree_diff": [ { "type": "modify", "old_id": "fa8916b26849f5ffbb2f2d2596329bebf107af6f", "old_mode": 33188, "old_path": "include/openssl/ssl.h", "new_id": "e6545dabcd4694c97b5b00bfcd3111c279d5a604", "new_mode": 33188, "new_path": "include/openssl/ssl.h" }, { "type": "modify", "old_id": "17cc1adee13fae53d4bfc48d30ba8951233d222b", "old_mode": 33188, "old_path": "ssl/s3_clnt.c", "new_id": "00f15cc93b33e66dffe9a8fbbc9000a0a9921960", "new_mode": 33188, "new_path": "ssl/s3_clnt.c" }, { "type": "modify", "old_id": "aa3c5964583a64ab326865f4c86b29ecbf486aec", "old_mode": 33188, "old_path": "ssl/s3_pkt.c", "new_id": "a2db1d45002fb1ecf38ba4bf8460b8c0913426e1", "new_mode": 33188, "new_path": "ssl/s3_pkt.c" }, { "type": "modify", "old_id": "0ba1467dfb66d71bd2e78b4217c746d5652f86dc", "old_mode": 33188, "old_path": "ssl/s3_srvr.c", "new_id": "222cc66b349f1964105b1277927d18138254a413", "new_mode": 33188, "new_path": "ssl/s3_srvr.c" }, { "type": "modify", "old_id": "ee260ea1f1171d2f7924602f54a3263080079521", "old_mode": 33188, "old_path": "ssl/ssl_lib.c", "new_id": "f8e9bab2b289e827b399764de87d168e6b52bc15", "new_mode": 33188, "new_path": "ssl/ssl_lib.c" }, { "type": "modify", "old_id": "091dc30ff8c9e487e58ad0ed4f6730b52860d49e", "old_mode": 33188, "old_path": "ssl/test/bssl_shim.cc", "new_id": "fd4bd601c85ddcad931a913010bd615a28e17ae4", "new_mode": 33188, "new_path": "ssl/test/bssl_shim.cc" }, { "type": "modify", "old_id": "650c14f72b06b9df10c82b1c626bb6c1337b5aeb", "old_mode": 33188, "old_path": "ssl/test/runner/runner.go", "new_id": "ce0271f712343c1bcd69f442d5eb3e6b2a49b0a1", "new_mode": 33188, "new_path": "ssl/test/runner/runner.go" }, { "type": "modify", "old_id": "25278370b9709e2070c2a60fa4f0012a2ad9b7b6", "old_mode": 33188, "old_path": "ssl/test/test_config.cc", "new_id": "25906f720002ff130bfed927a20e5667ad1dcc6f", "new_mode": 33188, "new_path": "ssl/test/test_config.cc" }, { "type": "modify", "old_id": "de1eda666c7811568f115fc49a32387be42c002e", "old_mode": 33188, "old_path": "ssl/test/test_config.h", "new_id": "f107a0fbcb5b552855b58d343c7f17d0ac01d1cb", "new_mode": 33188, "new_path": "ssl/test/test_config.h" } ] }