remove FIPS mode support. people who require FIPS can buy something that

meets their needs, but dumping it in here only penalizes the rest of us. ok miod
author: tedu <> 2014-04-15 19:42:56 +0000
committer: tedu <> 2014-04-15 19:42:56 +0000
commit: ea717df2f3c9582198e1e40e6d5a566a33974039 (patch)
tree: c3cddef2cd4f28b6e01b7aaafadb1976f9e45d89 /src/lib/libssl/s23_srvr.c
parent: 5fbff974ec318bfb1a7cdda2d94ac86eaca1937a (diff)
download: openbsd-ea717df2f3c9582198e1e40e6d5a566a33974039.tar.gz
openbsd-ea717df2f3c9582198e1e40e6d5a566a33974039.tar.bz2
openbsd-ea717df2f3c9582198e1e40e6d5a566a33974039.zip
1 files changed, 0 insertions, 11 deletions
diff --git a/src/lib/libssl/s23_srvr.c b/src/lib/libssl/s23_srvr.c
index 2aad21e93c..ca95d4e636 100644
--- a/src/lib/libssl/s23_srvr.c
+++ b/src/lib/libssl/s23_srvr.c
@@ -115,9 +115,6 @@
 #include <openssl/rand.h>
 #include <openssl/objects.h>
 #include <openssl/evp.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 static const SSL_METHOD *ssl23_get_server_method(int ver);
 int ssl23_get_client_hello(SSL *s);
@@ -388,14 +385,6 @@ ssl23_get_client_hello(SSL *s)
                }
        }
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && (s->version < TLS1_VERSION)) {
-                SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,
-                    SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
-                goto err;
-        }
-#endif
        if (s->state == SSL23_ST_SR_CLNT_HELLO_B) {
                /* we have SSLv3/TLSv1 in an SSLv2 header
                 * (other cases skip this state) */
author	tedu <>	2014-04-15 19:42:56 +0000
committer	tedu <>	2014-04-15 19:42:56 +0000
commit	ea717df2f3c9582198e1e40e6d5a566a33974039 (patch)
tree	c3cddef2cd4f28b6e01b7aaafadb1976f9e45d89 /src/lib/libssl/s23_srvr.c
parent	5fbff974ec318bfb1a7cdda2d94ac86eaca1937a (diff)
download	openbsd-ea717df2f3c9582198e1e40e6d5a566a33974039.tar.gz openbsd-ea717df2f3c9582198e1e40e6d5a566a33974039.tar.bz2 openbsd-ea717df2f3c9582198e1e40e6d5a566a33974039.zip