Remove ancient compat hack SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG.

This was imported into OpenSSL from SSLeay. It was recently deleted in OpenSSL commit 7a4dadc3a6a487db92619622b820eb4f7be512c9
author: doug <> 2015-06-15 05:16:56 +0000
committer: doug <> 2015-06-15 05:16:56 +0000
commit: 6e37f91580bf8e077c11c85155cef0381d8ef35c (patch)
tree: 09daa6da27571646945c913b493870c53aabab06 /src/lib
parent: c3c8a32860541df7ab360b602a1449e6d90be892 (diff)
download: openbsd-6e37f91580bf8e077c11c85155cef0381d8ef35c.tar.gz
openbsd-6e37f91580bf8e077c11c85155cef0381d8ef35c.tar.bz2
openbsd-6e37f91580bf8e077c11c85155cef0381d8ef35c.zip
4 files changed, 10 insertions, 52 deletions
diff --git a/src/lib/libssl/doc/SSL_CTX_set_options.3 b/src/lib/libssl/doc/SSL_CTX_set_options.3
index bacd3b84f0..8bb22b7cc6 100644
--- a/src/lib/libssl/doc/SSL_CTX_set_options.3
+++ b/src/lib/libssl/doc/SSL_CTX_set_options.3
@@ -1,5 +1,5 @@
 .\"
-.\"     $OpenBSD: SSL_CTX_set_options.3,v 1.4 2015/06/15 03:32:59 doug Exp $
+.\"     $OpenBSD: SSL_CTX_set_options.3,v 1.5 2015/06/15 05:16:56 doug Exp $
 .\"
 .Dd $Mdocdate: June 15 2015 $
 .Dt SSL_CTX_SET_OPTIONS 3
@@ -197,7 +197,9 @@ non-self-signed CA which does not have its CA in netscape, and the browser has
 a cert, it will crash/hang.
 Works for 3.x and 4.xbeta
 .It Dv SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
-\&...
+As of
+.Ox 5.8 ,
+this option has no effect.
 .It Dv SSL_OP_NO_SSLv2
 As of
 .Ox 5.6 ,
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index 7f6a5a0bbd..7b6af070c9 100644
--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.104 2015/06/15 03:32:59 doug Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.105 2015/06/15 05:16:56 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -148,8 +148,6 @@
 * OTHERWISE.
 */
-#define REUSE_CIPHER_BUG
 #include <stdio.h>
 #include "ssl_locl.h"
@@ -1126,27 +1124,6 @@ ssl3_get_client_hello(SSL *s)
                }
                s->s3->tmp.new_cipher = c;
        } else {
-                /* Session-id reuse */
-#ifdef REUSE_CIPHER_BUG
-                STACK_OF(SSL_CIPHER) *sk;
-                SSL_CIPHER *nc = NULL;
-                SSL_CIPHER *ec = NULL;
-                if (s->options & SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG) {
-                        sk = s->session->ciphers;
-                        for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
-                                c = sk_SSL_CIPHER_value(sk, i);
-                                if (c->algorithm_enc & SSL_eNULL)
-                                        nc = c;
-                        }
-                        if (nc != NULL)
-                                s->s3->tmp.new_cipher = nc;
-                        else if (ec != NULL)
-                                s->s3->tmp.new_cipher = ec;
-                        else
-                                s->s3->tmp.new_cipher = s->session->cipher;
-                } else
-#endif
                s->s3->tmp.new_cipher = s->session->cipher;
        }
diff --git a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.3 b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.3
index bacd3b84f0..8bb22b7cc6 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.3
+++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.3
@@ -1,5 +1,5 @@
 .\"
-.\"     $OpenBSD: SSL_CTX_set_options.3,v 1.4 2015/06/15 03:32:59 doug Exp $
+.\"     $OpenBSD: SSL_CTX_set_options.3,v 1.5 2015/06/15 05:16:56 doug Exp $
 .\"
 .Dd $Mdocdate: June 15 2015 $
 .Dt SSL_CTX_SET_OPTIONS 3
@@ -197,7 +197,9 @@ non-self-signed CA which does not have its CA in netscape, and the browser has
 a cert, it will crash/hang.
 Works for 3.x and 4.xbeta
 .It Dv SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
-\&...
+As of
+.Ox 5.8 ,
+this option has no effect.
 .It Dv SSL_OP_NO_SSLv2
 As of
 .Ox 5.6 ,
diff --git a/src/lib/libssl/src/ssl/s3_srvr.c b/src/lib/libssl/src/ssl/s3_srvr.c
index 7f6a5a0bbd..7b6af070c9 100644
--- a/src/lib/libssl/src/ssl/s3_srvr.c
+++ b/src/lib/libssl/src/ssl/s3_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.104 2015/06/15 03:32:59 doug Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.105 2015/06/15 05:16:56 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -148,8 +148,6 @@
 * OTHERWISE.
 */
-#define REUSE_CIPHER_BUG
 #include <stdio.h>
 #include "ssl_locl.h"
@@ -1126,27 +1124,6 @@ ssl3_get_client_hello(SSL *s)
                }
                s->s3->tmp.new_cipher = c;
        } else {
-                /* Session-id reuse */
-#ifdef REUSE_CIPHER_BUG
-                STACK_OF(SSL_CIPHER) *sk;
-                SSL_CIPHER *nc = NULL;
-                SSL_CIPHER *ec = NULL;
-                if (s->options & SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG) {
-                        sk = s->session->ciphers;
-                        for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
-                                c = sk_SSL_CIPHER_value(sk, i);
-                                if (c->algorithm_enc & SSL_eNULL)
-                                        nc = c;
-                        }
-                        if (nc != NULL)
-                                s->s3->tmp.new_cipher = nc;
-                        else if (ec != NULL)
-                                s->s3->tmp.new_cipher = ec;
-                        else
-                                s->s3->tmp.new_cipher = s->session->cipher;
-                } else
-#endif
                s->s3->tmp.new_cipher = s->session->cipher;
        }
author	doug <>	2015-06-15 05:16:56 +0000
committer	doug <>	2015-06-15 05:16:56 +0000
commit	6e37f91580bf8e077c11c85155cef0381d8ef35c (patch)
tree	09daa6da27571646945c913b493870c53aabab06 /src/lib
parent	c3c8a32860541df7ab360b602a1449e6d90be892 (diff)
download	openbsd-6e37f91580bf8e077c11c85155cef0381d8ef35c.tar.gz openbsd-6e37f91580bf8e077c11c85155cef0381d8ef35c.tar.bz2 openbsd-6e37f91580bf8e077c11c85155cef0381d8ef35c.zip