Delete duplicate entry.

[openssl.git] / ssl / s3_lib.c

diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 68b1ada5bce1a493326616c357ae5f91c59e48eb..220533734ac0746b19352186bee0c8cf733af334 100644 (file)
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -1678,7 +1678,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_3DES,
        SSL_SHA1,
        SSL_TLSV1,
-       SSL_NOT_EXP|SSL_HIGH,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        168,
        168,
@@ -1694,7 +1694,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_AES128,
        SSL_SHA1,
        SSL_TLSV1,
-       SSL_NOT_EXP|SSL_HIGH,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
        128,
@@ -1710,7 +1710,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_AES256,
        SSL_SHA1,
        SSL_TLSV1,
-       SSL_NOT_EXP|SSL_HIGH,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        256,
        256,
@@ -3029,8 +3029,6 @@ void ssl3_free(SSL *s)
        SSL_SRP_CTX_free(s);
 #endif
 #ifndef OPENSSL_NO_TLSEXT
-       if (s->s3->tlsext_authz_client_types != NULL)
-               OPENSSL_free(s->s3->tlsext_authz_client_types);
        if (s->s3->tlsext_custom_types != NULL)
                OPENSSL_free(s->s3->tlsext_custom_types);
 #endif
@@ -3078,11 +3076,6 @@ void ssl3_clear(SSL *s)
                }
 #endif
 #ifndef OPENSSL_NO_TLSEXT
-       if (s->s3->tlsext_authz_client_types != NULL)
-               {
-               OPENSSL_free(s->s3->tlsext_authz_client_types);
-               s->s3->tlsext_authz_client_types = NULL;
-               }
        if (s->s3->tlsext_custom_types != NULL)
                {
                OPENSSL_free(s->s3->tlsext_custom_types);
@@ -3091,8 +3084,8 @@ void ssl3_clear(SSL *s)
        s->s3->tlsext_custom_types_count = 0;   
 #ifndef OPENSSL_NO_EC
        s->s3->is_probably_safari = 0;
-#endif /* OPENSSL_NO_EC */
-#endif /* OPENSSL_NO_TLSEXT */
+#endif /* !OPENSSL_NO_EC */
+#endif /* !OPENSSL_NO_TLSEXT */
 
        rp = s->s3->rbuf.buf;
        wp = s->s3->wbuf.buf;
@@ -3892,10 +3885,6 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
        case SSL_CTRL_SET_CHAIN_CERT_STORE:
                return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg);
 
-       case SSL_CTRL_SET_TLSEXT_AUTHZ_SERVER_AUDIT_PROOF_CB_ARG:
-               ctx->tlsext_authz_server_audit_proof_cb_arg = parg;
-               break;
-
 #endif /* !OPENSSL_NO_TLSEXT */
 
        /* A Thawte special :-) */
@@ -4005,12 +3994,6 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
                ctx->srp_ctx.SRP_give_srp_client_pwd_callback=(char *(*)(SSL *,void *))fp;
                break;
 #endif
-
-       case SSL_CTRL_SET_TLSEXT_AUTHZ_SERVER_AUDIT_PROOF_CB:
-               ctx->tlsext_authz_server_audit_proof_cb =
-                       (int (*)(SSL *, void *))fp;
-               break;
-
 #endif
        case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
                {
@@ -4173,15 +4156,15 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
                ii=sk_SSL_CIPHER_find(allow,c);
                if (ii >= 0)
                        {
+#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_TLSEXT)
                        if ((alg_k & SSL_kEECDH) && (alg_a & SSL_aECDSA) && s->s3->is_probably_safari)
                                {
                                if (!ret) ret=sk_SSL_CIPHER_value(allow,ii);
+                               continue;
                                }
-                       else
-                               {
-                               ret=sk_SSL_CIPHER_value(allow,ii);
-                               break;
-                               }
+#endif
+                       ret=sk_SSL_CIPHER_value(allow,ii);
+                       break;
                        }
                }
        return(ret);