From 56a3e20d1e41c02e4afd069925ec512ebb40b905 Mon Sep 17 00:00:00 2001
From: doug <>
Date: Sat, 12 Sep 2015 16:10:08 +0000
Subject: Remove most of the SSLv3 version checks and a few TLS v1.0.

We can now assume >= TLS v1.0 since SSL2_VERSION, SSL3_VERSION and
DTLS1_BAD_VER support was removed.

"reads ok" miod@
---
 src/lib/libssl/d1_clnt.c | 14 +++-----------
 1 file changed, 3 insertions(+), 11 deletions(-)

(limited to 'src/lib/libssl/d1_clnt.c')

diff --git a/src/lib/libssl/d1_clnt.c b/src/lib/libssl/d1_clnt.c
index 4b02fcf3c4..fd26bb5a1e 100644
--- a/src/lib/libssl/d1_clnt.c
+++ b/src/lib/libssl/d1_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_clnt.c,v 1.54 2015/09/12 12:58:15 jsing Exp $ */
+/* $OpenBSD: d1_clnt.c,v 1.55 2015/09/12 16:10:07 doug Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -700,16 +700,8 @@ dtls1_send_client_certificate(SSL *s)
 		if (x509 != NULL)
 			X509_free(x509);
 		EVP_PKEY_free(pkey);
-		if (i == 0) {
-			if (s->version == SSL3_VERSION) {
-				s->s3->tmp.cert_req = 0;
-				ssl3_send_alert(s, SSL3_AL_WARNING,
-				    SSL_AD_NO_CERTIFICATE);
-				return (1);
-			} else {
-				s->s3->tmp.cert_req = 2;
-			}
-		}
+		if (i == 0)
+			s->s3->tmp.cert_req = 2;
 
 		/* Ok, we have a cert */
 		s->state = SSL3_ST_CW_CERT_C;
-- 
cgit v1.2.3-55-g6feb