diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2008-06-16 16:56:43 +0000 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2008-06-16 16:56:43 +0000 |
| commit | 14748adb096f124d4101578afed8d26da4f15f53 (patch) | |
| tree | d03ebb869552073f10d40b14910c9ab0b6a93af6 /ssl/ssl_lib.c | |
| parent | ff2ab9e6bbca8d9eed37dda647e8a37254ef2107 (diff) | |
Make ssl code consistent with FIPS branch. The new code has no effect
at present because it asserts either noop flags or is inside
OPENSSL_FIPS #ifdef's.
Diffstat (limited to 'ssl/ssl_lib.c')
| -rw-r--r-- | ssl/ssl_lib.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 5c6ca2e666..68eee77e6f 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1396,6 +1396,14 @@ SSL_CTX *SSL_CTX_new(SSL_METHOD *meth) return(NULL); } +#ifdef OPENSSL_FIPS + if (FIPS_mode() && (meth->version < TLS1_VERSION)) + { + SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); + return NULL; + } +#endif + if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) { SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS); |