summaryrefslogtreecommitdiff
path: root/app/openssl/ssl/ssl_lib.c
diff options
context:
space:
mode:
authorParménides GV <parmegv@sdf.org>2014-09-26 09:46:26 +0200
committerParménides GV <parmegv@sdf.org>2014-09-26 09:46:26 +0200
commit394451dbae3e71282611058e00b5fd16c865f147 (patch)
tree17b71034d9350a2848603f5edf0a8b13025909be /app/openssl/ssl/ssl_lib.c
parent644fd02cf8da95b0b5a99fb9f2142628dd27f7c2 (diff)
Revert "Updated native subprojects from ics-openvpn."
This reverts commit d0e7ba3029b2fd42582413aa95773fe7dbdede90. I'll postpone this work for the next cycle, it's not trivial because it doesn't link properly.
Diffstat (limited to 'app/openssl/ssl/ssl_lib.c')
-rw-r--r--app/openssl/ssl/ssl_lib.c39
1 files changed, 1 insertions, 38 deletions
diff --git a/app/openssl/ssl/ssl_lib.c b/app/openssl/ssl/ssl_lib.c
index 3de68a78..8d2c3a76 100644
--- a/app/openssl/ssl/ssl_lib.c
+++ b/app/openssl/ssl/ssl_lib.c
@@ -1403,10 +1403,6 @@ char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
p=buf;
sk=s->session->ciphers;
-
- if (sk_SSL_CIPHER_num(sk) == 0)
- return NULL;
-
for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
{
int n;
@@ -2675,10 +2671,6 @@ int SSL_get_error(const SSL *s,int i)
{
return(SSL_ERROR_WANT_X509_LOOKUP);
}
- if ((i < 0) && SSL_want_channel_id_lookup(s))
- {
- return(SSL_ERROR_WANT_CHANNEL_ID_LOOKUP);
- }
if (i == 0)
{
@@ -3427,41 +3419,12 @@ int SSL_cutthrough_complete(const SSL *s)
s->version >= SSL3_VERSION &&
s->s3->in_read_app_data == 0 && /* cutthrough only applies to write() */
(SSL_get_mode((SSL*)s) & SSL_MODE_HANDSHAKE_CUTTHROUGH) && /* cutthrough enabled */
- ssl3_can_cutthrough(s) && /* cutthrough allowed */
+ SSL_get_cipher_bits(s, NULL) >= 128 && /* strong cipher choosen */
s->s3->previous_server_finished_len == 0 && /* not a renegotiation handshake */
(s->state == SSL3_ST_CR_SESSION_TICKET_A || /* ready to write app-data*/
s->state == SSL3_ST_CR_FINISHED_A));
}
-int ssl3_can_cutthrough(const SSL *s)
- {
- const SSL_CIPHER *c;
-
- /* require a strong enough cipher */
- if (SSL_get_cipher_bits(s, NULL) < 128)
- return 0;
-
- /* require ALPN or NPN extension */
- if (!s->s3->alpn_selected
-#ifndef OPENSSL_NO_NEXTPROTONEG
- && !s->s3->next_proto_neg_seen
-#endif
- )
- {
- return 0;
- }
-
- /* require a forward-secret cipher */
- c = SSL_get_current_cipher(s);
- if (!c || (c->algorithm_mkey != SSL_kEDH &&
- c->algorithm_mkey != SSL_kEECDH))
- {
- return 0;
- }
-
- return 1;
- }
-
/* Allocates new EVP_MD_CTX and sets pointer to it into given pointer
* vairable, freeing EVP_MD_CTX previously stored in that variable, if
* any. If EVP_MD pointer is passed, initializes ctx with this md