diff options
Diffstat (limited to 'src/lib/libssl/s23_srvr.c')
| -rw-r--r-- | src/lib/libssl/s23_srvr.c | 25 |
1 files changed, 5 insertions, 20 deletions
diff --git a/src/lib/libssl/s23_srvr.c b/src/lib/libssl/s23_srvr.c index b524124681..7b2107680e 100644 --- a/src/lib/libssl/s23_srvr.c +++ b/src/lib/libssl/s23_srvr.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s23_srvr.c,v 1.41 2015/07/19 07:30:06 doug Exp $ */ | 1 | /* $OpenBSD: s23_srvr.c,v 1.42 2015/08/27 06:21:15 doug Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -194,8 +194,6 @@ SSLv23_server_method(void) | |||
| 194 | static const SSL_METHOD * | 194 | static const SSL_METHOD * |
| 195 | ssl23_get_server_method(int ver) | 195 | ssl23_get_server_method(int ver) |
| 196 | { | 196 | { |
| 197 | if (ver == SSL3_VERSION) | ||
| 198 | return (SSLv3_server_method()); | ||
| 199 | if (ver == TLS1_VERSION) | 197 | if (ver == TLS1_VERSION) |
| 200 | return (TLSv1_server_method()); | 198 | return (TLSv1_server_method()); |
| 201 | if (ver == TLS1_1_VERSION) | 199 | if (ver == TLS1_1_VERSION) |
| @@ -357,16 +355,12 @@ ssl23_get_client_hello(SSL *s) | |||
| 357 | /* type=2; */ /* done later to survive restarts */ | 355 | /* type=2; */ /* done later to survive restarts */ |
| 358 | s->state = SSL23_ST_SR_CLNT_HELLO_B; | 356 | s->state = SSL23_ST_SR_CLNT_HELLO_B; |
| 359 | } else if (!(s->options & SSL_OP_NO_SSLv3)) { | 357 | } else if (!(s->options & SSL_OP_NO_SSLv3)) { |
| 360 | s->version = SSL3_VERSION; | 358 | type = 1; |
| 361 | /* type=2; */ | ||
| 362 | s->state = SSL23_ST_SR_CLNT_HELLO_B; | ||
| 363 | } else if (!(s->options & SSL_OP_NO_SSLv2)) { | 359 | } else if (!(s->options & SSL_OP_NO_SSLv2)) { |
| 364 | type = 1; | 360 | type = 1; |
| 365 | } | 361 | } |
| 366 | } else if (!(s->options & SSL_OP_NO_SSLv3)) { | 362 | } else if (!(s->options & SSL_OP_NO_SSLv3)) { |
| 367 | s->version = SSL3_VERSION; | 363 | type = 1; |
| 368 | /* type=2; */ | ||
| 369 | s->state = SSL23_ST_SR_CLNT_HELLO_B; | ||
| 370 | } else if (!(s->options & SSL_OP_NO_SSLv2)) | 364 | } else if (!(s->options & SSL_OP_NO_SSLv2)) |
| 371 | type = 1; | 365 | type = 1; |
| 372 | 366 | ||
| @@ -415,16 +409,9 @@ ssl23_get_client_hello(SSL *s) | |||
| 415 | } else if (!(s->options & SSL_OP_NO_TLSv1)) { | 409 | } else if (!(s->options & SSL_OP_NO_TLSv1)) { |
| 416 | s->version = TLS1_VERSION; | 410 | s->version = TLS1_VERSION; |
| 417 | type = 3; | 411 | type = 3; |
| 418 | } else if (!(s->options & SSL_OP_NO_SSLv3)) { | ||
| 419 | s->version = SSL3_VERSION; | ||
| 420 | type = 3; | ||
| 421 | } | 412 | } |
| 422 | } else { | 413 | } else { |
| 423 | /* client requests SSL 3.0 */ | 414 | if (!(s->options & SSL_OP_NO_TLSv1)) { |
| 424 | if (!(s->options & SSL_OP_NO_SSLv3)) { | ||
| 425 | s->version = SSL3_VERSION; | ||
| 426 | type = 3; | ||
| 427 | } else if (!(s->options & SSL_OP_NO_TLSv1)) { | ||
| 428 | /* we won't be able to use TLS of course, | 415 | /* we won't be able to use TLS of course, |
| 429 | * but this will send an appropriate alert */ | 416 | * but this will send an appropriate alert */ |
| 430 | s->version = TLS1_VERSION; | 417 | s->version = TLS1_VERSION; |
| @@ -587,10 +574,8 @@ ssl23_get_client_hello(SSL *s) | |||
| 587 | s->method = TLSv1_2_server_method(); | 574 | s->method = TLSv1_2_server_method(); |
| 588 | else if (s->version == TLS1_1_VERSION) | 575 | else if (s->version == TLS1_1_VERSION) |
| 589 | s->method = TLSv1_1_server_method(); | 576 | s->method = TLSv1_1_server_method(); |
| 590 | else if (s->version == TLS1_VERSION) | ||
| 591 | s->method = TLSv1_server_method(); | ||
| 592 | else | 577 | else |
| 593 | s->method = SSLv3_server_method(); | 578 | s->method = TLSv1_server_method(); |
| 594 | s->handshake_func = s->method->ssl_accept; | 579 | s->handshake_func = s->method->ssl_accept; |
| 595 | } | 580 | } |
| 596 | 581 | ||