From d29691e0c778ae0a3a5eb74acbb053caacdee990 Mon Sep 17 00:00:00 2001
From: tedu <>
Date: Tue, 15 Apr 2014 21:47:56 +0000
Subject: remove ssl2 support even more completely. in the process, always include ssl3 and tls1, we don't need config options for them. when the time comes to expire ssl3, it will be with an ax. checked by miod
---
 src/lib/libssl/s23_srvr.c | 44 --------------------------------------------
 1 file changed, 44 deletions(-)
(limited to 'src/lib/libssl/s23_srvr.c')
diff --git a/src/lib/libssl/s23_srvr.c b/src/lib/libssl/s23_srvr.c
index ca95d4e636..a6062667a0 100644
--- a/src/lib/libssl/s23_srvr.c
+++ b/src/lib/libssl/s23_srvr.c
@@ -121,10 +121,6 @@ int ssl23_get_client_hello(SSL *s);
 static const SSL_METHOD *ssl23_get_server_method(int ver) {
-#ifndef OPENSSL_NO_SSL2
- if (ver == SSL2_VERSION)
- return (SSLv2_server_method());
-#endif
 if (ver == SSL3_VERSION)
 return (SSLv3_server_method());
 else if (ver == TLS1_VERSION)
@@ -480,48 +476,8 @@ ssl23_get_client_hello(SSL *s)
 /* s->state = SSL23_SR_CLNT_HELLO_C */
 if (type == 1) {
-#ifdef OPENSSL_NO_SSL2
 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_UNSUPPORTED_PROTOCOL);
 goto err;
-#else
- /* we are talking sslv2 */
- /* we need to clean up the SSLv3/TLSv1 setup and put in the
- * sslv2 stuff. */
-
- if (s->s2 == NULL) {
- if (!ssl2_new(s))
- goto err;
- } else
- ssl2_clear(s);
-
- if (s->s3 != NULL)
- ssl3_free(s);
-
- if (!BUF_MEM_grow_clean(s->init_buf,
- SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)) {
- goto err;
- }
-
- s->state = SSL2_ST_GET_CLIENT_HELLO_A;
- if (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3)
- s->s2->ssl2_rollback = 0;
- else
- /* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0
- * (SSL 3.0 draft/RFC 2246, App. E.2) */
- s->s2->ssl2_rollback = 1;
-
- /* setup the n bytes we have read so we get them from
- * the sslv2 buffer */
- s->rstate = SSL_ST_READ_HEADER;
- s->packet_length = n;
- s->packet = &(s->s2->rbuf[0]);
- memcpy(s->packet, buf, n);
- s->s2->rbuf_left = n;
- s->s2->rbuf_offs = 0;
-
- s->method = SSLv2_server_method();
- s->handshake_func = s->method->ssl_accept;
-#endif
 }
 if ((type == 2) || (type == 3)) {
-- cgit v1.2.3-55-g6feb