diff options
Diffstat (limited to 'ssl/ssl_lib.c')
-rw-r--r-- | ssl/ssl_lib.c | 35 |
1 files changed, 4 insertions, 31 deletions
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index f45b6dd6d3..5543defa47 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -263,7 +263,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx,const SSL_METHOD *meth) sk=ssl_create_cipher_list(ctx->method,&(ctx->cipher_list), &(ctx->cipher_list_by_id), - meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST, ctx->cert); + SSL_DEFAULT_CIPHER_LIST, ctx->cert); if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) { SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION,SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); @@ -488,17 +488,6 @@ int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, r.ssl_version = ssl->version; r.session_id_length = id_len; memcpy(r.session_id, id, id_len); - /* NB: SSLv2 always uses a fixed 16-byte session ID, so even if a - * callback is calling us to check the uniqueness of a shorter ID, it - * must be compared as a padded-out ID because that is what it will be - * converted to when the callback has finished choosing it. */ - if((r.ssl_version == SSL2_VERSION) && - (id_len < SSL2_SSL_SESSION_ID_LENGTH)) - { - memset(r.session_id + id_len, 0, - SSL2_SSL_SESSION_ID_LENGTH - id_len); - r.session_id_length = SSL2_SSL_SESSION_ID_LENGTH; - } CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); p = lh_SSL_SESSION_retrieve(ssl->ctx->sessions, &r); @@ -1943,7 +1932,6 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) /* ret->cipher=NULL;*/ /* ret->s2->challenge=NULL; ret->master_key=NULL; - ret->key_arg=NULL; ret->s2->conn_id=NULL; */ ret->info_callback=NULL; @@ -1977,7 +1965,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) ssl_create_cipher_list(ret->method, &ret->cipher_list,&ret->cipher_list_by_id, - meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST, ret->cert); + SSL_DEFAULT_CIPHER_LIST, ret->cert); if (ret->cipher_list == NULL || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) { @@ -1989,11 +1977,6 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) if (!ret->param) goto err; - if ((ret->rsa_md5=EVP_get_digestbyname("ssl2-md5")) == NULL) - { - SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES); - goto err2; - } if ((ret->md5=EVP_get_digestbyname("ssl3-md5")) == NULL) { SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES); @@ -2780,17 +2763,9 @@ int SSL_get_error(const SSL *s,int i) if (i == 0) { - if (s->version == SSL2_VERSION) - { - /* assume it is the socket being closed */ + if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) && + (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY)) return(SSL_ERROR_ZERO_RETURN); - } - else - { - if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) && - (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY)) - return(SSL_ERROR_ZERO_RETURN); - } } return(SSL_ERROR_SYSCALL); } @@ -2874,8 +2849,6 @@ const char *SSL_get_version(const SSL *s) return("TLSv1"); else if (s->version == SSL3_VERSION) return("SSLv3"); - else if (s->version == SSL2_VERSION) - return("SSLv2"); else return("unknown"); } |