summaryrefslogtreecommitdiff
path: root/src/lib/libssl/s23_clnt.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl/s23_clnt.c')
-rw-r--r--src/lib/libssl/s23_clnt.c18
1 files changed, 3 insertions, 15 deletions
diff --git a/src/lib/libssl/s23_clnt.c b/src/lib/libssl/s23_clnt.c
index 458eb37d5f..a99a7691bd 100644
--- a/src/lib/libssl/s23_clnt.c
+++ b/src/lib/libssl/s23_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s23_clnt.c,v 1.40 2015/07/19 07:30:06 doug Exp $ */ 1/* $OpenBSD: s23_clnt.c,v 1.41 2015/08/27 06:21:15 doug Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -196,8 +196,6 @@ SSLv23_client_method(void)
196static const SSL_METHOD * 196static const SSL_METHOD *
197ssl23_get_client_method(int ver) 197ssl23_get_client_method(int ver)
198{ 198{
199 if (ver == SSL3_VERSION)
200 return (SSLv3_client_method());
201 if (ver == TLS1_VERSION) 199 if (ver == TLS1_VERSION)
202 return (TLSv1_client_method()); 200 return (TLSv1_client_method());
203 if (ver == TLS1_1_VERSION) 201 if (ver == TLS1_1_VERSION)
@@ -331,7 +329,7 @@ ssl23_client_hello(SSL *s)
331 * TLS1>=1, it would be insufficient to pass SSL_NO_TLSv1, the 329 * TLS1>=1, it would be insufficient to pass SSL_NO_TLSv1, the
332 * answer is SSL_OP_NO_TLSv1|SSL_OP_NO_SSLv3|SSL_OP_NO_SSLv2. 330 * answer is SSL_OP_NO_TLSv1|SSL_OP_NO_SSLv3|SSL_OP_NO_SSLv2.
333 */ 331 */
334 mask = SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1|SSL_OP_NO_SSLv3; 332 mask = SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1;
335 version = TLS1_2_VERSION; 333 version = TLS1_2_VERSION;
336 334
337 if ((options & SSL_OP_NO_TLSv1_2) && (options & mask) != mask) 335 if ((options & SSL_OP_NO_TLSv1_2) && (options & mask) != mask)
@@ -340,9 +338,6 @@ ssl23_client_hello(SSL *s)
340 if ((options & SSL_OP_NO_TLSv1_1) && (options & mask) != mask) 338 if ((options & SSL_OP_NO_TLSv1_1) && (options & mask) != mask)
341 version = TLS1_VERSION; 339 version = TLS1_VERSION;
342 mask &= ~SSL_OP_NO_TLSv1; 340 mask &= ~SSL_OP_NO_TLSv1;
343 if ((options & SSL_OP_NO_TLSv1) && (options & mask) != mask)
344 version = SSL3_VERSION;
345 mask &= ~SSL_OP_NO_SSLv3;
346 341
347 buf = (unsigned char *)s->init_buf->data; 342 buf = (unsigned char *)s->init_buf->data;
348 if (s->state == SSL23_ST_CW_CLNT_HELLO_A) { 343 if (s->state == SSL23_ST_CW_CLNT_HELLO_A) {
@@ -357,9 +352,6 @@ ssl23_client_hello(SSL *s)
357 } else if (version == TLS1_VERSION) { 352 } else if (version == TLS1_VERSION) {
358 version_major = TLS1_VERSION_MAJOR; 353 version_major = TLS1_VERSION_MAJOR;
359 version_minor = TLS1_VERSION_MINOR; 354 version_minor = TLS1_VERSION_MINOR;
360 } else if (version == SSL3_VERSION) {
361 version_major = SSL3_VERSION_MAJOR;
362 version_minor = SSL3_VERSION_MINOR;
363 } else { 355 } else {
364 SSLerr(SSL_F_SSL23_CLIENT_HELLO, SSL_R_NO_PROTOCOLS_AVAILABLE); 356 SSLerr(SSL_F_SSL23_CLIENT_HELLO, SSL_R_NO_PROTOCOLS_AVAILABLE);
365 return (-1); 357 return (-1);
@@ -494,11 +486,7 @@ ssl23_get_server_hello(SSL *s)
494 (p[0] == SSL3_RT_ALERT && p[3] == 0 && p[4] == 2))) { 486 (p[0] == SSL3_RT_ALERT && p[3] == 0 && p[4] == 2))) {
495 /* we have sslv3 or tls1 (server hello or alert) */ 487 /* we have sslv3 or tls1 (server hello or alert) */
496 488
497 if ((p[2] == SSL3_VERSION_MINOR) && 489 if ((p[2] == TLS1_VERSION_MINOR) &&
498 !(s->options & SSL_OP_NO_SSLv3)) {
499 s->version = SSL3_VERSION;
500 s->method = SSLv3_client_method();
501 } else if ((p[2] == TLS1_VERSION_MINOR) &&
502 !(s->options & SSL_OP_NO_TLSv1)) { 490 !(s->options & SSL_OP_NO_TLSv1)) {
503 s->version = TLS1_VERSION; 491 s->version = TLS1_VERSION;
504 s->method = TLSv1_client_method(); 492 s->method = TLSv1_client_method();
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-11-03 00:22:02 +0000