remove FIPS mode support. people who require FIPS can buy something that

meets their needs, but dumping it in here only penalizes the rest of us. ok miod
author: tedu <> 2014-04-15 19:42:56 +0000
committer: tedu <> 2014-04-15 19:42:56 +0000
commit: ea717df2f3c9582198e1e40e6d5a566a33974039 (patch)
tree: c3cddef2cd4f28b6e01b7aaafadb1976f9e45d89 /src/lib/libssl/ssl_lib.c
parent: 5fbff974ec318bfb1a7cdda2d94ac86eaca1937a (diff)
download: openbsd-ea717df2f3c9582198e1e40e6d5a566a33974039.tar.gz
openbsd-ea717df2f3c9582198e1e40e6d5a566a33974039.tar.bz2
openbsd-ea717df2f3c9582198e1e40e6d5a566a33974039.zip
1 files changed, 0 insertions, 7 deletions
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index 98764b82aa..b5ba0f4aac 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1708,13 +1708,6 @@ SSL_CTX
                return (NULL);
        }
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && (meth->version < TLS1_VERSION)) {
-                SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
-                return NULL;
-        }
-#endif
        if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) {
                SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
                goto err;
author	tedu <>	2014-04-15 19:42:56 +0000
committer	tedu <>	2014-04-15 19:42:56 +0000
commit	ea717df2f3c9582198e1e40e6d5a566a33974039 (patch)
tree	c3cddef2cd4f28b6e01b7aaafadb1976f9e45d89 /src/lib/libssl/ssl_lib.c
parent	5fbff974ec318bfb1a7cdda2d94ac86eaca1937a (diff)
download	openbsd-ea717df2f3c9582198e1e40e6d5a566a33974039.tar.gz openbsd-ea717df2f3c9582198e1e40e6d5a566a33974039.tar.bz2 openbsd-ea717df2f3c9582198e1e40e6d5a566a33974039.zip

diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c index 98764b82aa..b5ba0f4aac 100644 --- a/src/lib/libssl/ssl_lib.c +++ b/src/lib/libssl/ssl_lib.c
@@ -1708,13 +1708,6 @@ SSL_CTX
1708	return (NULL);	1708	return (NULL);
1709	}	1709	}
1710		1710
1711	#ifdef OPENSSL_FIPS
1712	if (FIPS_mode() && (meth->version < TLS1_VERSION)) {
1713	SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
1714	return NULL;
1715	}
1716	#endif
1717
1718	if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) {	1711	if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) {
1719	SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);	1712	SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
1720	goto err;	1713	goto err;