Kill the bogus "send an SSLv3/TLS hello in SSLv2 format" crap from

the SSLv23_* client code. The server continues to accept it. It also kills the bits for SSL2 SESSIONs; even when the server gets an SSLv2-style compat handshake, the session that it creates has the correct version internally. ok tedu@ beck@
author: guenther <> 2014-04-16 15:10:07 +0000
committer: guenther <> 2014-04-16 15:10:07 +0000
commit: 07d70e2f624616050545c4fb6f6ba748c12b342e (patch)
tree: cd6b7bd17edfb25d9928b1c38f811f45391e4e97 /src/lib/libssl/ssl_locl.h
parent: 0e08f2db38e867e26107d9826aa489a211882fb1 (diff)
download: openbsd-07d70e2f624616050545c4fb6f6ba748c12b342e.tar.gz
openbsd-07d70e2f624616050545c4fb6f6ba748c12b342e.tar.bz2
openbsd-07d70e2f624616050545c4fb6f6ba748c12b342e.zip
1 files changed, 1 insertions, 38 deletions
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 203a47480f..e9c3a6bcd8 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -521,7 +521,7 @@ typedef struct cert_st {
 typedef struct sess_cert_st {
-        STACK_OF(X509) *cert_chain; /* as received from peer (not for SSL2) */
+        STACK_OF(X509) *cert_chain; /* as received from peer */
        /* The 'peer_...' members are used only by clients. */
        int peer_cert_type;
@@ -731,43 +731,6 @@ const SSL_METHOD *func_name(void)  \
        return &func_name##_data; \
        }
-#define IMPLEMENT_ssl2_meth_func(func_name, s_accept, s_connect, s_get_meth) \
-const SSL_METHOD *func_name(void)  \
-        { \
-        static const SSL_METHOD func_name##_data= { \
-                SSL2_VERSION, \
-                ssl2_new,       /* local */ \
-                ssl2_clear,     /* local */ \
-                ssl2_free,      /* local */ \
-                s_accept, \
-                s_connect, \
-                ssl2_read, \
-                ssl2_peek, \
-                ssl2_write, \
-                ssl2_shutdown, \
-                ssl_ok, /* NULL - renegotiate */ \
-                ssl_ok, /* NULL - check renegotiate */ \
-                NULL, /* NULL - ssl_get_message */ \
-                NULL, /* NULL - ssl_get_record */ \
-                NULL, /* NULL - ssl_write_bytes */ \
-                NULL, /* NULL - dispatch_alert */ \
-                ssl2_ctrl,      /* local */ \
-                ssl2_ctx_ctrl,  /* local */ \
-                ssl2_get_cipher_by_char, \
-                ssl2_put_cipher_by_char, \
-                ssl2_pending, \
-                ssl2_num_ciphers, \
-                ssl2_get_cipher, \
-                s_get_meth, \
-                ssl2_default_timeout, \
-                &ssl3_undef_enc_method, \
-                ssl_undefined_void_function, \
-                ssl2_callback_ctrl,     /* local */ \
-                ssl2_ctx_callback_ctrl, /* local */ \
-        }; \
-        return &func_name##_data; \
-        }
 #define IMPLEMENT_dtls1_meth_func(func_name, s_accept, s_connect, s_get_meth) \
 const SSL_METHOD *func_name(void)  \
        { \
author	guenther <>	2014-04-16 15:10:07 +0000
committer	guenther <>	2014-04-16 15:10:07 +0000
commit	07d70e2f624616050545c4fb6f6ba748c12b342e (patch)
tree	cd6b7bd17edfb25d9928b1c38f811f45391e4e97 /src/lib/libssl/ssl_locl.h
parent	0e08f2db38e867e26107d9826aa489a211882fb1 (diff)
download	openbsd-07d70e2f624616050545c4fb6f6ba748c12b342e.tar.gz openbsd-07d70e2f624616050545c4fb6f6ba748c12b342e.tar.bz2 openbsd-07d70e2f624616050545c4fb6f6ba748c12b342e.zip

diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index 203a47480f..e9c3a6bcd8 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h
@@ -521,7 +521,7 @@ typedef struct cert_st {
521		521
522		522
523	typedef struct sess_cert_st {	523	typedef struct sess_cert_st {
524	STACK_OF(X509) cert_chain; / as received from peer (not for SSL2) */	524	STACK_OF(X509) cert_chain; / as received from peer */
525		525
526	/* The 'peer_...' members are used only by clients. */	526	/* The 'peer_...' members are used only by clients. */
527	int peer_cert_type;	527	int peer_cert_type;
@@ -731,43 +731,6 @@ const SSL_METHOD *func_name(void) \
731	return &func_name##_data; \	731	return &func_name##_data; \
732	}	732	}
733		733
734	#define IMPLEMENT_ssl2_meth_func(func_name, s_accept, s_connect, s_get_meth) \
735	const SSL_METHOD *func_name(void) \
736	{ \
737	static const SSL_METHOD func_name##_data= { \
738	SSL2_VERSION, \
739	ssl2_new, /* local */ \
740	ssl2_clear, /* local */ \
741	ssl2_free, /* local */ \
742	s_accept, \
743	s_connect, \
744	ssl2_read, \
745	ssl2_peek, \
746	ssl2_write, \
747	ssl2_shutdown, \
748	ssl_ok, /* NULL - renegotiate */ \
749	ssl_ok, /* NULL - check renegotiate */ \
750	NULL, /* NULL - ssl_get_message */ \
751	NULL, /* NULL - ssl_get_record */ \
752	NULL, /* NULL - ssl_write_bytes */ \
753	NULL, /* NULL - dispatch_alert */ \
754	ssl2_ctrl, /* local */ \
755	ssl2_ctx_ctrl, /* local */ \
756	ssl2_get_cipher_by_char, \
757	ssl2_put_cipher_by_char, \
758	ssl2_pending, \
759	ssl2_num_ciphers, \
760	ssl2_get_cipher, \
761	s_get_meth, \
762	ssl2_default_timeout, \
763	&ssl3_undef_enc_method, \
764	ssl_undefined_void_function, \
765	ssl2_callback_ctrl, /* local */ \
766	ssl2_ctx_callback_ctrl, /* local */ \
767	}; \
768	return &func_name##_data; \
769	}
770
771	#define IMPLEMENT_dtls1_meth_func(func_name, s_accept, s_connect, s_get_meth) \	734	#define IMPLEMENT_dtls1_meth_func(func_name, s_accept, s_connect, s_get_meth) \
772	const SSL_METHOD *func_name(void) \	735	const SSL_METHOD *func_name(void) \
773	{ \	736	{ \