Update error codes.

[openssl.git] / ssl / ssl_lib.c

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 22039fb1680bc418a6ddcb87696790551cdac1f0..3a87572b397399f9d97affdb46dd28f0a6e2f6dc 100644 (file)
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1027,14 +1027,14 @@ int SSL_renegotiate(SSL *s)
        }
 
 int SSL_renegotiate_abbreviated(SSL *s)
-{
+       {
        if (s->renegotiate == 0)
                s->renegotiate=1;
-       
+
        s->new_session=0;
-       
+
        return(s->method->ssl_renegotiate(s));
-}
+       }
 
 int SSL_renegotiate_pending(SSL *s)
        {
@@ -1075,6 +1075,9 @@ long SSL_ctrl(SSL *s,int cmd,long larg,void *parg)
                s->max_cert_list=larg;
                return(l);
        case SSL_CTRL_SET_MTU:
+               if (larg < (long)dtls1_min_mtu())
+                       return 0;
+
                if (SSL_version(s) == DTLS1_VERSION ||
                    SSL_version(s) == DTLS1_BAD_VER)
                        {
@@ -1378,7 +1381,7 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
                c=sk_SSL_CIPHER_value(sk,i);
                /* Skip TLS v1.2 only ciphersuites if lower than v1.2 */
                if ((c->algorithm_ssl & SSL_TLSV1_2) && 
-                       (TLS1_get_version(s) < TLS1_2_VERSION))
+                       (TLS1_get_client_version(s) < TLS1_2_VERSION))
                        continue;
 #ifndef OPENSSL_NO_KRB5
                if (((c->algorithm_mkey & SSL_kKRB5) || (c->algorithm_auth & SSL_aKRB5)) &&
@@ -1846,8 +1849,6 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
         * deployed might change this.
         */
        ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
-       /* Disable TLS v1.2 by default for now */
-       ret->options |= SSL_OP_NO_TLSv1_2;
 
        return(ret);
 err:
@@ -3241,4 +3242,3 @@ IMPLEMENT_STACK_OF(SSL_CIPHER)
 IMPLEMENT_STACK_OF(SSL_COMP)
 IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER,
                                    ssl_cipher_id);
-