diff options
| author | doug <> | 2015-09-12 16:10:08 +0000 |
|---|---|---|
| committer | doug <> | 2015-09-12 16:10:08 +0000 |
| commit | 56a3e20d1e41c02e4afd069925ec512ebb40b905 (patch) | |
| tree | ecc6c8f80b7c9e9b5057a82b1842ccf8724eb149 /src/lib/libssl/s3_pkt.c | |
| parent | efc74c6a34e219450e0cc4dd809c41889209b98d (diff) | |
| download | openbsd-56a3e20d1e41c02e4afd069925ec512ebb40b905.tar.gz openbsd-56a3e20d1e41c02e4afd069925ec512ebb40b905.tar.bz2 openbsd-56a3e20d1e41c02e4afd069925ec512ebb40b905.zip | |
Remove most of the SSLv3 version checks and a few TLS v1.0.
We can now assume >= TLS v1.0 since SSL2_VERSION, SSL3_VERSION and
DTLS1_BAD_VER support was removed.
"reads ok" miod@
Diffstat (limited to 'src/lib/libssl/s3_pkt.c')
| -rw-r--r-- | src/lib/libssl/s3_pkt.c | 7 |
1 files changed, 1 insertions, 6 deletions
diff --git a/src/lib/libssl/s3_pkt.c b/src/lib/libssl/s3_pkt.c index 33fee732d1..153b37612f 100644 --- a/src/lib/libssl/s3_pkt.c +++ b/src/lib/libssl/s3_pkt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_pkt.c,v 1.56 2015/07/24 02:39:43 doug Exp $ */ | 1 | /* $OpenBSD: s3_pkt.c,v 1.57 2015/09/12 16:10:07 doug Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1074,7 +1074,6 @@ start: | |||
| 1074 | if (s->server && | 1074 | if (s->server && |
| 1075 | SSL_is_init_finished(s) && | 1075 | SSL_is_init_finished(s) && |
| 1076 | !s->s3->send_connection_binding && | 1076 | !s->s3->send_connection_binding && |
| 1077 | (s->version > SSL3_VERSION) && | ||
| 1078 | (s->s3->handshake_fragment_len >= 4) && | 1077 | (s->s3->handshake_fragment_len >= 4) && |
| 1079 | (s->s3->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO) && | 1078 | (s->s3->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO) && |
| 1080 | (s->session != NULL) && (s->session->cipher != NULL)) { | 1079 | (s->session != NULL) && (s->session->cipher != NULL)) { |
| @@ -1339,10 +1338,6 @@ ssl3_send_alert(SSL *s, int level, int desc) | |||
| 1339 | { | 1338 | { |
| 1340 | /* Map tls/ssl alert value to correct one */ | 1339 | /* Map tls/ssl alert value to correct one */ |
| 1341 | desc = s->method->ssl3_enc->alert_value(desc); | 1340 | desc = s->method->ssl3_enc->alert_value(desc); |
| 1342 | if (s->version == SSL3_VERSION && desc == SSL_AD_PROTOCOL_VERSION) { | ||
| 1343 | /* SSL 3.0 does not have protocol_version alerts */ | ||
| 1344 | desc = SSL_AD_HANDSHAKE_FAILURE; | ||
| 1345 | } | ||
| 1346 | if (desc < 0) | 1341 | if (desc < 0) |
| 1347 | return -1; | 1342 | return -1; |
| 1348 | /* If a fatal one, remove from cache */ | 1343 | /* If a fatal one, remove from cache */ |