remove ssl2 support even more completely.

in the process, always include ssl3 and tls1, we don't need config options for them. when the time comes to expire ssl3, it will be with an ax. checked by miod
author: tedu <> 2014-04-15 21:47:56 +0000
committer: tedu <> 2014-04-15 21:47:56 +0000
commit: d29691e0c778ae0a3a5eb74acbb053caacdee990 (patch)
tree: e9ca306a8d286d0b62f82cb4b82cffd7dfbb0e70 /src/lib/libssl/s23_srvr.c
parent: 0fccfaa49773dea8f4e6d9930d774dd2a44b33db (diff)
download: openbsd-d29691e0c778ae0a3a5eb74acbb053caacdee990.tar.gz
openbsd-d29691e0c778ae0a3a5eb74acbb053caacdee990.tar.bz2
openbsd-d29691e0c778ae0a3a5eb74acbb053caacdee990.zip
1 files changed, 0 insertions, 44 deletions
diff --git a/src/lib/libssl/s23_srvr.c b/src/lib/libssl/s23_srvr.c
index ca95d4e636..a6062667a0 100644
--- a/src/lib/libssl/s23_srvr.c
+++ b/src/lib/libssl/s23_srvr.c
@@ -121,10 +121,6 @@ int ssl23_get_client_hello(SSL *s);
 static const SSL_METHOD
 *ssl23_get_server_method(int ver)
 {
-#ifndef OPENSSL_NO_SSL2
-        if (ver == SSL2_VERSION)
-                return (SSLv2_server_method());
-#endif
        if (ver == SSL3_VERSION)
                return (SSLv3_server_method());
        else if (ver == TLS1_VERSION)
@@ -480,48 +476,8 @@ ssl23_get_client_hello(SSL *s)
        /* s->state = SSL23_SR_CLNT_HELLO_C */
        if (type == 1) {
-#ifdef OPENSSL_NO_SSL2
                SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_UNSUPPORTED_PROTOCOL);
                goto err;
-#else
-                /* we are talking sslv2 */
-                /* we need to clean up the SSLv3/TLSv1 setup and put in the
-                 * sslv2 stuff. */
-                if (s->s2 == NULL) {
-                        if (!ssl2_new(s))
-                                goto err;
-                } else
-                        ssl2_clear(s);
-                if (s->s3 != NULL)
-                        ssl3_free(s);
-                if (!BUF_MEM_grow_clean(s->init_buf,
-                        SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)) {
-                        goto err;
-                }
-                s->state = SSL2_ST_GET_CLIENT_HELLO_A;
-                if (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3)
-                        s->s2->ssl2_rollback = 0;
-                else
-                        /* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0
-                         * (SSL 3.0 draft/RFC 2246, App. E.2) */
-                s->s2->ssl2_rollback = 1;
-                /* setup the n bytes we have read so we get them from
-                 * the sslv2 buffer */
-                s->rstate = SSL_ST_READ_HEADER;
-                s->packet_length = n;
-                s->packet = &(s->s2->rbuf[0]);
-                memcpy(s->packet, buf, n);
-                s->s2->rbuf_left = n;
-                s->s2->rbuf_offs = 0;
-                s->method = SSLv2_server_method();
-                s->handshake_func = s->method->ssl_accept;
-#endif
        }
        if ((type == 2) || (type == 3)) {
author	tedu <>	2014-04-15 21:47:56 +0000
committer	tedu <>	2014-04-15 21:47:56 +0000
commit	d29691e0c778ae0a3a5eb74acbb053caacdee990 (patch)
tree	e9ca306a8d286d0b62f82cb4b82cffd7dfbb0e70 /src/lib/libssl/s23_srvr.c
parent	0fccfaa49773dea8f4e6d9930d774dd2a44b33db (diff)
download	openbsd-d29691e0c778ae0a3a5eb74acbb053caacdee990.tar.gz openbsd-d29691e0c778ae0a3a5eb74acbb053caacdee990.tar.bz2 openbsd-d29691e0c778ae0a3a5eb74acbb053caacdee990.zip

diff --git a/src/lib/libssl/s23_srvr.c b/src/lib/libssl/s23_srvr.c index ca95d4e636..a6062667a0 100644 --- a/src/lib/libssl/s23_srvr.c +++ b/src/lib/libssl/s23_srvr.c
@@ -121,10 +121,6 @@ int ssl23_get_client_hello(SSL *s);
121	static const SSL_METHOD	121	static const SSL_METHOD
122	*ssl23_get_server_method(int ver)	122	*ssl23_get_server_method(int ver)
123	{	123	{
124	#ifndef OPENSSL_NO_SSL2
125	if (ver == SSL2_VERSION)
126	return (SSLv2_server_method());
127	#endif
128	if (ver == SSL3_VERSION)	124	if (ver == SSL3_VERSION)
129	return (SSLv3_server_method());	125	return (SSLv3_server_method());
130	else if (ver == TLS1_VERSION)	126	else if (ver == TLS1_VERSION)
@@ -480,48 +476,8 @@ ssl23_get_client_hello(SSL *s)
480	/* s->state = SSL23_SR_CLNT_HELLO_C */	476	/* s->state = SSL23_SR_CLNT_HELLO_C */
481		477
482	if (type == 1) {	478	if (type == 1) {
483	#ifdef OPENSSL_NO_SSL2
484	SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_UNSUPPORTED_PROTOCOL);	479	SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_UNSUPPORTED_PROTOCOL);
485	goto err;	480	goto err;
486	#else
487	/* we are talking sslv2 */
488	/* we need to clean up the SSLv3/TLSv1 setup and put in the
489	* sslv2 stuff. */
490
491	if (s->s2 == NULL) {
492	if (!ssl2_new(s))
493	goto err;
494	} else
495	ssl2_clear(s);
496
497	if (s->s3 != NULL)
498	ssl3_free(s);
499
500	if (!BUF_MEM_grow_clean(s->init_buf,
501	SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)) {
502	goto err;
503	}
504
505	s->state = SSL2_ST_GET_CLIENT_HELLO_A;
506	if (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3)
507	s->s2->ssl2_rollback = 0;
508	else
509	/* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0
510	* (SSL 3.0 draft/RFC 2246, App. E.2) */
511	s->s2->ssl2_rollback = 1;
512
513	/* setup the n bytes we have read so we get them from
514	* the sslv2 buffer */
515	s->rstate = SSL_ST_READ_HEADER;
516	s->packet_length = n;
517	s->packet = &(s->s2->rbuf[0]);
518	memcpy(s->packet, buf, n);
519	s->s2->rbuf_left = n;
520	s->s2->rbuf_offs = 0;
521
522	s->method = SSLv2_server_method();
523	s->handshake_func = s->method->ssl_accept;
524	#endif
525	}	481	}
526		482
527	if ((type == 2) \|\| (type == 3)) {	483	if ((type == 2) \|\| (type == 3)) {