From 2ff11427d41a52cb126e9892413db066f8ae166a Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Fri, 30 May 2014 05:27:32 +0000
Subject: While working on another diff I ended up looking to see why on earth
 the DTLS code had a chunk that checked to see if the SSL version was *not*
 DTLS. Turns out that this is inside a big #if 0 block with a comment
 explaining why DTLS will never need this code...

The DTLS code was clearly written by wholesale copying the SSLv3 code.
Any code not applicable to DTLS was seemingly #if 0'd or commented out
and left for others to find.

d1_pkt.c is copied from s3_pkt.c and it has a do_dtls1_write() function
that has the same function signature as do_ssl3_write(), except that the
create_empty_fragement (yes, that is the spelling in ssl_locl.h) argument
is unused for DTLS (although there is code that pretends to use it) since
it uses explicit IV (as the comment notes).

Instead of leaving this turd lying around, nuke the #if 0'd code (along
with the check for *not* DTLS) and remove the pointless
create_empty_fragment argument given the only two do_dtls1_write() calls
specify zero.

This kind of thing also makes you wonder how much actual peer review
occurred before the code was initially committed...

ok beck@
---
 src/lib/libssl/ssl_locl.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/lib/libssl/ssl_locl.h')

diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 16d31f33d2..208610dac1 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -806,7 +806,7 @@ int dtls1_shutdown(SSL *s);
 long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
 int dtls1_get_record(SSL *s);
 int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
-    unsigned int len, int create_empty_fragement);
+    unsigned int len);
 int dtls1_dispatch_alert(SSL *s);
 int dtls1_enc(SSL *s, int snd);
 
-- 
cgit v1.2.3-55-g6feb