diff options
| author | tedu <> | 2014-04-15 19:42:56 +0000 |
|---|---|---|
| committer | tedu <> | 2014-04-15 19:42:56 +0000 |
| commit | ea717df2f3c9582198e1e40e6d5a566a33974039 (patch) | |
| tree | c3cddef2cd4f28b6e01b7aaafadb1976f9e45d89 /src/lib/libssl/s23_clnt.c | |
| parent | 5fbff974ec318bfb1a7cdda2d94ac86eaca1937a (diff) | |
| download | openbsd-ea717df2f3c9582198e1e40e6d5a566a33974039.tar.gz openbsd-ea717df2f3c9582198e1e40e6d5a566a33974039.tar.bz2 openbsd-ea717df2f3c9582198e1e40e6d5a566a33974039.zip | |
remove FIPS mode support. people who require FIPS can buy something that
meets their needs, but dumping it in here only penalizes the rest of us.
ok miod
Diffstat (limited to 'src/lib/libssl/s23_clnt.c')
| -rw-r--r-- | src/lib/libssl/s23_clnt.c | 17 |
1 files changed, 1 insertions, 16 deletions
diff --git a/src/lib/libssl/s23_clnt.c b/src/lib/libssl/s23_clnt.c index 8ed79c3d55..3d2e7510cf 100644 --- a/src/lib/libssl/s23_clnt.c +++ b/src/lib/libssl/s23_clnt.c | |||
| @@ -387,15 +387,7 @@ ssl23_client_hello(SSL *s) | |||
| 387 | } else if (version == TLS1_VERSION) { | 387 | } else if (version == TLS1_VERSION) { |
| 388 | version_major = TLS1_VERSION_MAJOR; | 388 | version_major = TLS1_VERSION_MAJOR; |
| 389 | version_minor = TLS1_VERSION_MINOR; | 389 | version_minor = TLS1_VERSION_MINOR; |
| 390 | } | 390 | } else if (version == SSL3_VERSION) { |
| 391 | #ifdef OPENSSL_FIPS | ||
| 392 | else if (FIPS_mode()) { | ||
| 393 | SSLerr(SSL_F_SSL23_CLIENT_HELLO, | ||
| 394 | SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); | ||
| 395 | return -1; | ||
| 396 | } | ||
| 397 | #endif | ||
| 398 | else if (version == SSL3_VERSION) { | ||
| 399 | version_major = SSL3_VERSION_MAJOR; | 391 | version_major = SSL3_VERSION_MAJOR; |
| 400 | version_minor = SSL3_VERSION_MINOR; | 392 | version_minor = SSL3_VERSION_MINOR; |
| 401 | } else if (version == SSL2_VERSION) { | 393 | } else if (version == SSL2_VERSION) { |
| @@ -671,13 +663,6 @@ ssl23_get_server_hello(SSL *s) | |||
| 671 | 663 | ||
| 672 | if ((p[2] == SSL3_VERSION_MINOR) && | 664 | if ((p[2] == SSL3_VERSION_MINOR) && |
| 673 | !(s->options & SSL_OP_NO_SSLv3)) { | 665 | !(s->options & SSL_OP_NO_SSLv3)) { |
| 674 | #ifdef OPENSSL_FIPS | ||
| 675 | if (FIPS_mode()) { | ||
| 676 | SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, | ||
| 677 | SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); | ||
| 678 | goto err; | ||
| 679 | } | ||
| 680 | #endif | ||
| 681 | s->version = SSL3_VERSION; | 666 | s->version = SSL3_VERSION; |
| 682 | s->method = SSLv3_client_method(); | 667 | s->method = SSLv3_client_method(); |
| 683 | } else if ((p[2] == TLS1_VERSION_MINOR) && | 668 | } else if ((p[2] == TLS1_VERSION_MINOR) && |