Index: patches.chromium/0009-stricter_cutthrough.patch |
diff --git a/patches.chromium/0009-stricter_cutthrough.patch b/patches.chromium/0009-stricter_cutthrough.patch |
deleted file mode 100644 |
index a880d64fa24641f66dfe1cc7ba5b98d428c36e28..0000000000000000000000000000000000000000 |
--- a/patches.chromium/0009-stricter_cutthrough.patch |
+++ /dev/null |
@@ -1,72 +0,0 @@ |
-diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c |
-index e47eef1..d1b3224 100644 |
---- a/ssl/s3_clnt.c |
-+++ b/ssl/s3_clnt.c |
-@@ -557,7 +557,8 @@ int ssl3_connect(SSL *s) |
- } |
- else |
- { |
-- if ((SSL_get_mode(s) & SSL_MODE_HANDSHAKE_CUTTHROUGH) && SSL_get_cipher_bits(s, NULL) >= 128 |
-+ if ((SSL_get_mode(s) & SSL_MODE_HANDSHAKE_CUTTHROUGH) |
-+ && ssl3_can_cutthrough(s) |
- && s->s3->previous_server_finished_len == 0 /* no cutthrough on renegotiation (would complicate the state machine) */ |
- ) |
- { |
-diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c |
-index 45a76ae..d75b9f7 100644 |
---- a/ssl/ssl_lib.c |
-+++ b/ssl/ssl_lib.c |
-@@ -3305,12 +3305,39 @@ int SSL_cutthrough_complete(const SSL *s) |
- s->version >= SSL3_VERSION && |
- s->s3->in_read_app_data == 0 && /* cutthrough only applies to write() */ |
- (SSL_get_mode((SSL*)s) & SSL_MODE_HANDSHAKE_CUTTHROUGH) && /* cutthrough enabled */ |
-- SSL_get_cipher_bits(s, NULL) >= 128 && /* strong cipher choosen */ |
-+ ssl3_can_cutthrough(s) && /* cutthrough allowed */ |
- s->s3->previous_server_finished_len == 0 && /* not a renegotiation handshake */ |
- (s->state == SSL3_ST_CR_SESSION_TICKET_A || /* ready to write app-data*/ |
- s->state == SSL3_ST_CR_FINISHED_A)); |
- } |
- |
-+int ssl3_can_cutthrough(const SSL *s) |
-+ { |
-+ const SSL_CIPHER *c; |
-+ |
-+ /* require a strong enough cipher */ |
-+ if (SSL_get_cipher_bits(s, NULL) < 128) |
-+ return 0; |
-+ |
-+ /* require NPN extension */ |
-+#ifndef OPENSSL_NO_NEXTPROTONEG |
-+ if (!s->s3->next_proto_neg_seen) |
-+ return 0; |
-+#else |
-+ return 0; |
-+#endif |
-+ |
-+ /* require a forward-secret cipher */ |
-+ c = SSL_get_current_cipher(s); |
-+ if (!c || (c->algorithm_mkey != SSL_kEDH && |
-+ c->algorithm_mkey != SSL_kEECDH)) |
-+ { |
-+ return 0; |
-+ } |
-+ |
-+ return 1; |
-+ } |
-+ |
- /* Allocates new EVP_MD_CTX and sets pointer to it into given pointer |
- * vairable, freeing EVP_MD_CTX previously stored in that variable, if |
- * any. If EVP_MD pointer is passed, initializes ctx with this md |
-diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h |
-index 2f8cda8..3732825 100644 |
---- a/ssl/ssl_locl.h |
-+++ b/ssl/ssl_locl.h |
-@@ -1160,6 +1160,8 @@ const EVP_MD *tls12_get_hash(unsigned char hash_alg); |
- int tls1_channel_id_hash(EVP_MD_CTX *ctx, SSL *s); |
- #endif |
- |
-+int ssl3_can_cutthrough(const SSL *s); |
-+ |
- EVP_MD_CTX* ssl_replace_hash(EVP_MD_CTX **hash,const EVP_MD *md) ; |
- void ssl_clear_hash_ctx(EVP_MD_CTX **hash); |
- int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len, |