From 563d45f5e31be40b590640330f1a08569995ef28 Mon Sep 17 00:00:00 2001 From: jsing <> Date: Wed, 11 Jun 2014 15:17:19 +0000 Subject: Disable TLS support... Just kidding! unifdef OPENSSL_NO_TLS since we will never want to actually do that. ok deraadt@ --- src/lib/libssl/d1_pkt.c | 2 -- src/lib/libssl/s23_clnt.c | 4 ---- src/lib/libssl/s3_pkt.c | 2 -- src/lib/libssl/src/ssl/d1_pkt.c | 2 -- src/lib/libssl/src/ssl/s23_clnt.c | 4 ---- src/lib/libssl/src/ssl/s3_pkt.c | 2 -- 6 files changed, 16 deletions(-) diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c index 87916eb763..b8fd4c92e5 100644 --- a/src/lib/libssl/d1_pkt.c +++ b/src/lib/libssl/d1_pkt.c @@ -1161,13 +1161,11 @@ start: switch (rr->type) { default: -#ifndef OPENSSL_NO_TLS /* TLS just ignores unknown message types */ if (s->version == TLS1_VERSION) { rr->length = 0; goto start; } -#endif al = SSL_AD_UNEXPECTED_MESSAGE; SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNEXPECTED_RECORD); goto f_err; diff --git a/src/lib/libssl/s23_clnt.c b/src/lib/libssl/s23_clnt.c index 1bc582364b..7a42b1f0ea 100644 --- a/src/lib/libssl/s23_clnt.c +++ b/src/lib/libssl/s23_clnt.c @@ -309,14 +309,10 @@ ssl23_client_hello(SSL *s) * answer is SSL_OP_NO_TLSv1|SSL_OP_NO_SSLv3|SSL_OP_NO_SSLv2. */ mask = SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1|SSL_OP_NO_SSLv3; -#if !defined(OPENSSL_NO_TLS1_2_CLIENT) version = TLS1_2_VERSION; if ((options & SSL_OP_NO_TLSv1_2) && (options & mask) != mask) version = TLS1_1_VERSION; -#else - version = TLS1_1_VERSION; -#endif mask &= ~SSL_OP_NO_TLSv1_1; if ((options & SSL_OP_NO_TLSv1_1) && (options & mask) != mask) version = TLS1_VERSION; diff --git a/src/lib/libssl/s3_pkt.c b/src/lib/libssl/s3_pkt.c index e19aba5580..9af897eb47 100644 --- a/src/lib/libssl/s3_pkt.c +++ b/src/lib/libssl/s3_pkt.c @@ -1304,7 +1304,6 @@ start: switch (rr->type) { default: -#ifndef OPENSSL_NO_TLS /* * TLS up to v1.1 just ignores unknown message types: * TLS v1.2 give an unexpected message alert. @@ -1314,7 +1313,6 @@ start: rr->length = 0; goto start; } -#endif al = SSL_AD_UNEXPECTED_MESSAGE; SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNEXPECTED_RECORD); goto f_err; diff --git a/src/lib/libssl/src/ssl/d1_pkt.c b/src/lib/libssl/src/ssl/d1_pkt.c index 87916eb763..b8fd4c92e5 100644 --- a/src/lib/libssl/src/ssl/d1_pkt.c +++ b/src/lib/libssl/src/ssl/d1_pkt.c @@ -1161,13 +1161,11 @@ start: switch (rr->type) { default: -#ifndef OPENSSL_NO_TLS /* TLS just ignores unknown message types */ if (s->version == TLS1_VERSION) { rr->length = 0; goto start; } -#endif al = SSL_AD_UNEXPECTED_MESSAGE; SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNEXPECTED_RECORD); goto f_err; diff --git a/src/lib/libssl/src/ssl/s23_clnt.c b/src/lib/libssl/src/ssl/s23_clnt.c index 1bc582364b..7a42b1f0ea 100644 --- a/src/lib/libssl/src/ssl/s23_clnt.c +++ b/src/lib/libssl/src/ssl/s23_clnt.c @@ -309,14 +309,10 @@ ssl23_client_hello(SSL *s) * answer is SSL_OP_NO_TLSv1|SSL_OP_NO_SSLv3|SSL_OP_NO_SSLv2. */ mask = SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1|SSL_OP_NO_SSLv3; -#if !defined(OPENSSL_NO_TLS1_2_CLIENT) version = TLS1_2_VERSION; if ((options & SSL_OP_NO_TLSv1_2) && (options & mask) != mask) version = TLS1_1_VERSION; -#else - version = TLS1_1_VERSION; -#endif mask &= ~SSL_OP_NO_TLSv1_1; if ((options & SSL_OP_NO_TLSv1_1) && (options & mask) != mask) version = TLS1_VERSION; diff --git a/src/lib/libssl/src/ssl/s3_pkt.c b/src/lib/libssl/src/ssl/s3_pkt.c index e19aba5580..9af897eb47 100644 --- a/src/lib/libssl/src/ssl/s3_pkt.c +++ b/src/lib/libssl/src/ssl/s3_pkt.c @@ -1304,7 +1304,6 @@ start: switch (rr->type) { default: -#ifndef OPENSSL_NO_TLS /* * TLS up to v1.1 just ignores unknown message types: * TLS v1.2 give an unexpected message alert. @@ -1314,7 +1313,6 @@ start: rr->length = 0; goto start; } -#endif al = SSL_AD_UNEXPECTED_MESSAGE; SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNEXPECTED_RECORD); goto f_err; -- cgit v1.2.3-55-g6feb