diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2008-06-16 16:56:43 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2008-06-16 16:56:43 +0000 |
commit | 14748adb096f124d4101578afed8d26da4f15f53 (patch) | |
tree | d03ebb869552073f10d40b14910c9ab0b6a93af6 /ssl/s23_clnt.c | |
parent | ff2ab9e6bbca8d9eed37dda647e8a37254ef2107 (diff) |
Make ssl code consistent with FIPS branch. The new code has no effect
at present because it asserts either noop flags or is inside
OPENSSL_FIPS #ifdef's.
Diffstat (limited to 'ssl/s23_clnt.c')
-rw-r--r-- | ssl/s23_clnt.c | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c index c45a8e0a04..bc918170e1 100644 --- a/ssl/s23_clnt.c +++ b/ssl/s23_clnt.c @@ -257,6 +257,14 @@ static int ssl23_client_hello(SSL *s) version_major = TLS1_VERSION_MAJOR; version_minor = TLS1_VERSION_MINOR; } +#ifdef OPENSSL_FIPS + else if(FIPS_mode()) + { + SSLerr(SSL_F_SSL23_CLIENT_HELLO, + SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); + return -1; + } +#endif else if (version == SSL3_VERSION) { version_major = SSL3_VERSION_MAJOR; @@ -536,6 +544,14 @@ static int ssl23_get_server_hello(SSL *s) if ((p[2] == SSL3_VERSION_MINOR) && !(s->options & SSL_OP_NO_SSLv3)) { +#ifdef OPENSSL_FIPS + if(FIPS_mode()) + { + SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, + SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); + goto err; + } +#endif s->version=SSL3_VERSION; s->method=SSLv3_client_method(); } |