Remove SSL_OP_NON_EXPORT_FIRST:

It did not work, it was deactivated by #if 0/#endif anyway _and_ we now have the working SSL_OP_CIPHER_SERVER_PREFERENCE.

Remove SSL_OP_NON_EXPORT_FIRST:
It did not work, it was deactivated by #if 0/#endif anyway _and_ we now have the working SSL_OP_CIPHER_SERVER_PREFERENCE.
d92f0bb6 · Lutz Jänicke · 710e5d56 · d92f0bb6 · d92f0bb6
隐藏空白更改
内联并排

Showing with 1 addition and 69 deletion

ssl/s23_srvr.c ssl/s23_srvr.c +0 -66

ssl/ssl.h ssl/ssl.h +1 -3

未找到文件。
--- a/ssl/s23_srvr.c
+++ b/ssl/s23_srvr.c
@@ -270,72 +270,6 @@ int ssl23_get_client_hello(SSL *s)
 				else if (!(s->options & SSL_OP_NO_SSLv2))
 					type=1;

-				if (s->options & SSL_OP_NON_EXPORT_FIRST)
-					/* Not only utterly confusing, but broken
-					 * ('fractured programming'?) -- the details
-					 * of this block nearly make it work
-					 * as intended in this environment, but on one
-					 * of the fine points (w.r.t. restarts) it fails.
-					 * The obvious fix would be even more devastating
-					 * to program structure; if you want the functionality,
-					 * throw this away and implement it in a way
-					 * that makes sense */
-					{
-#if 0
-					STACK_OF(SSL_CIPHER) *sk;
-					SSL_CIPHER *c;
-					int ne2,ne3;
-
-					j=((p[0]&0x7f)<<8)|p[1];
-					if (j > (1024*4))
-						{
-						SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_LARGE);
-						goto err;
-						}
-
-					n=ssl23_read_bytes(s,j+2);
-					if (n <= 0) return(n);
-					p=s->packet;
-
-					if ((buf=OPENSSL_malloc(n)) == NULL)
-						{
-						SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,ERR_R_MALLOC_FAILURE);
-						goto err;
-						}
-					memcpy(buf,p,n);
-
-					p+=5;
-					n2s(p,csl);
-					p+=4;
-
-					sk=ssl_bytes_to_cipher_list(
-						s,p,csl,NULL);
-					if (sk != NULL)
-						{
-						ne2=ne3=0;
-						for (j=0; j<sk_SSL_CIPHER_num(sk); j++)
-							{
-							c=sk_SSL_CIPHER_value(sk,j);
-							if (!SSL_C_IS_EXPORT(c))
-								{
-								if ((c->id>>24L) == 2L)
-									ne2=1;
-								else
-									ne3=1;
-								}
-							}
-						if (ne2 && !ne3)
-							{
-							type=1;
-							use_sslv2_strong=1;
-							goto next_bit;
-							}
-						}
-#else
-					SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_OPTION);
-					goto err;
-#endif
-					}
 				}
 			}
 		else if ((p[0] == SSL3_RT_HANDSHAKE) &&

--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -347,9 +347,7 @@ typedef struct ssl_session_st
 #define SSL_OP_PKCS1_CHECK_1				0x08000000L
 #define SSL_OP_PKCS1_CHECK_2				0x10000000L
 #define SSL_OP_NETSCAPE_CA_DN_BUG			0x20000000L
-/* SSL_OP_NON_EXPORT_FIRST looks utterly broken .. */
-#define SSL_OP_NON_EXPORT_FIRST 			0x40000000L
-#define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG		0x80000000L
+#define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG		0x40000000L
 #define SSL_OP_ALL					0x000FFFFFL

 #define SSL_OP_NO_SSLv2					0x01000000L