提交 d92f0bb6 编写于 作者: L Lutz Jänicke

Remove SSL_OP_NON_EXPORT_FIRST:

It did not work, it was deactivated by #if 0/#endif anyway _and_ we now have
the working SSL_OP_CIPHER_SERVER_PREFERENCE.
上级 710e5d56
......@@ -270,72 +270,6 @@ int ssl23_get_client_hello(SSL *s)
else if (!(s->options & SSL_OP_NO_SSLv2))
type=1;
if (s->options & SSL_OP_NON_EXPORT_FIRST)
/* Not only utterly confusing, but broken
* ('fractured programming'?) -- the details
* of this block nearly make it work
* as intended in this environment, but on one
* of the fine points (w.r.t. restarts) it fails.
* The obvious fix would be even more devastating
* to program structure; if you want the functionality,
* throw this away and implement it in a way
* that makes sense */
{
#if 0
STACK_OF(SSL_CIPHER) *sk;
SSL_CIPHER *c;
int ne2,ne3;
j=((p[0]&0x7f)<<8)|p[1];
if (j > (1024*4))
{
SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_LARGE);
goto err;
}
n=ssl23_read_bytes(s,j+2);
if (n <= 0) return(n);
p=s->packet;
if ((buf=OPENSSL_malloc(n)) == NULL)
{
SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,ERR_R_MALLOC_FAILURE);
goto err;
}
memcpy(buf,p,n);
p+=5;
n2s(p,csl);
p+=4;
sk=ssl_bytes_to_cipher_list(
s,p,csl,NULL);
if (sk != NULL)
{
ne2=ne3=0;
for (j=0; j<sk_SSL_CIPHER_num(sk); j++)
{
c=sk_SSL_CIPHER_value(sk,j);
if (!SSL_C_IS_EXPORT(c))
{
if ((c->id>>24L) == 2L)
ne2=1;
else
ne3=1;
}
}
if (ne2 && !ne3)
{
type=1;
use_sslv2_strong=1;
goto next_bit;
}
}
#else
SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_OPTION);
goto err;
#endif
}
}
}
else if ((p[0] == SSL3_RT_HANDSHAKE) &&
......
......@@ -347,9 +347,7 @@ typedef struct ssl_session_st
#define SSL_OP_PKCS1_CHECK_1 0x08000000L
#define SSL_OP_PKCS1_CHECK_2 0x10000000L
#define SSL_OP_NETSCAPE_CA_DN_BUG 0x20000000L
/* SSL_OP_NON_EXPORT_FIRST looks utterly broken .. */
#define SSL_OP_NON_EXPORT_FIRST 0x40000000L
#define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x80000000L
#define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x40000000L
#define SSL_OP_ALL 0x000FFFFFL
#define SSL_OP_NO_SSLv2 0x01000000L
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册