Get rid of tor_tls_block_renegotiation().

Since we check for naughty renegotiations using
tor_tls_t.server_handshake_count we don't need that semi-broken
function (at least till there is a way to disable rfc5746
renegotiations too).

2 files changed, 0 insertions, 11 deletions

diff --git a/src/common/tortls.c b/src/common/tortls.c
index 72697850bd..1150c42327 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -1540,16 +1540,6 @@ tor_tls_unblock_renegotiation(tor_tls_t *tls)
   }
 }
 
-/** If this version of openssl supports it, turn off renegotiation on
- * <b>tls</b>.  (Our protocol never requires this for security, but it's nice
- * to use belt-and-suspenders here.)
- */
-void
-tor_tls_block_renegotiation(tor_tls_t *tls)
-{
-  tls->ssl->s3->flags &= ~SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
-}
-
 void
 tor_tls_assert_renegotiation_unblocked(tor_tls_t *tls)
 {
diff --git a/src/common/tortls.h b/src/common/tortls.h
index 90e76e4a95..1219b80816 100644
--- a/src/common/tortls.h
+++ b/src/common/tortls.h
@@ -75,7 +75,6 @@ int tor_tls_handshake(tor_tls_t *tls);
 int tor_tls_finish_handshake(tor_tls_t *tls);
 int tor_tls_renegotiate(tor_tls_t *tls);
 void tor_tls_unblock_renegotiation(tor_tls_t *tls);
-void tor_tls_block_renegotiation(tor_tls_t *tls);
 void tor_tls_assert_renegotiation_unblocked(tor_tls_t *tls);
 int tor_tls_shutdown(tor_tls_t *tls);
 int tor_tls_get_pending_bytes(tor_tls_t *tls);