Add support for magic cipher suite value (MCSV). Make secure renegotiation

[openssl.git] / ssl / s3_srvr.c

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index a685fd5f0b250ee026f5b2eadac2b89bd627abf4..a3bb3aef1ec5899be5ed9cffd1d7152f67b18516 100644 (file)
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -957,7 +957,7 @@ int ssl3_get_client_hello(SSL *s)
 
 #ifndef OPENSSL_NO_TLSEXT
        /* TLS extensions*/
-       if (s->version > SSL3_VERSION && s->version != DTLS1_VERSION && s->version != DTLS1_BAD_VER)
+       if (s->version >= SSL3_VERSION)
                {
                if (!ssl_parse_clienthello_tlsext(s,&p,d,n, &al))
                        {
@@ -970,17 +970,6 @@ int ssl3_get_client_hello(SSL *s)
                        SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT);
                        goto err;
                }
-
-       /* DTLS extensions */
-       if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER)
-               {
-               if (!ssl_parse_clienthello_dtlsext(s,&p,d,n, &al))
-                       {
-                               /* 'al' set by ssl_parse_clienthello_dtlsext */
-                               SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_PARSE_TLSEXT);
-                               goto f_err;
-                       }
-               }
 #endif
        /* Worst case, we will use the NULL compression, but if we have other
         * options, we will now look for them.  We have i-1 compression