From 2cc456829e290c8c01ffd29532e961a810d0f05e Mon Sep 17 00:00:00 2001
From: guenther <>
Date: Fri, 18 Apr 2014 15:39:53 +0000
Subject: Finish zapping SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION usage; only
 keep the #define for compat, but document that it's a no-op now.  Also,
 neuter the -legacy_renegotiation option to "openssl s_{client,server}"

ok beck@
---
 src/lib/libssl/s3_pkt.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

(limited to 'src/lib/libssl/s3_pkt.c')

diff --git a/src/lib/libssl/s3_pkt.c b/src/lib/libssl/s3_pkt.c
index e901268a34..ec73ef50bd 100644
--- a/src/lib/libssl/s3_pkt.c
+++ b/src/lib/libssl/s3_pkt.c
@@ -1095,8 +1095,7 @@ start:
 	    (s->version > SSL3_VERSION) &&
 	    (s->s3->handshake_fragment_len >= 4) &&
 	    (s->s3->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO) &&
-	    (s->session != NULL) && (s->session->cipher != NULL) &&
-	    !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) {
+	    (s->session != NULL) && (s->session->cipher != NULL)) {
 		/*s->s3->handshake_fragment_len = 0;*/
 		rr->length = 0;
 		ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION);
-- 
cgit v1.2.3-55-g6feb