From 48fd490c6d3c0e5dcfb2f2464ce84adb6bc3ec7e Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Sat, 16 May 2009 11:16:43 +0000
Subject: Update from 1.0.0-stable.

---
 ssl/d1_lib.c  | 3 +++
 ssl/ssl_lib.c | 3 ---
 2 files changed, 3 insertions(+), 3 deletions(-)

(limited to 'ssl')

diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index 6450c1de85..58ea86304f 100644
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -203,6 +203,9 @@ const SSL_CIPHER *dtls1_get_cipher(unsigned int u)
 		{
 		if (ciph->algorithm_enc == SSL_RC4)
 			return NULL;
+		/* We currently don't support ECDH either */
+		if (ciph->algorithm_mkey & SSL_kEECDH)
+			return NULL;
 		}
 
 	return ciph;
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index df808e817b..7b911ae1ea 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1343,9 +1343,6 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
 		    s->psk_client_callback == NULL)
 			continue;
 #endif /* OPENSSL_NO_PSK */
-		/* DTLS doesn't currently support ECDHE */
-		if ((s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER) && (c->algorithm_mkey & SSL_kEECDH))
-			continue;
 		j = put_cb ? put_cb(c,p) : ssl_put_cipher_by_char(s,c,p);
 		p+=j;
 		}
-- 
cgit v1.2.3