Add AES-SHA256 stitch.

[openssl.git] / ssl / ssl_lib.c

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index d529b8541f65d5908b34ea310ba2212a2d179a0f..c3b40323687cd0ddbd733044b83319150f00c9a8 100644 (file)
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1112,8 +1112,7 @@ long SSL_ctrl(SSL *s,int cmd,long larg,void *parg)
                        return 0;
 #endif
 
-               if (SSL_version(s) == DTLS1_VERSION ||
-                   SSL_version(s) == DTLS1_BAD_VER)
+               if (SSL_IS_DTLS(s))
                        {
                        s->d1->mtu = larg;
                        return larg;
@@ -1866,7 +1865,9 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
        CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data);
 
        ret->extra_certs=NULL;
-       ret->comp_methods=SSL_COMP_get_compression_methods();
+       /* No compression for DTLS */
+       if (!(meth->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS))
+               ret->comp_methods=SSL_COMP_get_compression_methods();
 
        ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
 
@@ -2404,7 +2405,7 @@ CERT_PKEY *ssl_get_server_send_pkey(const SSL *s)
        /* Broken protocol test: return last used certificate: which may
         * mismatch the one expected.
         */
-       if (c->cert_flags & SSL_CERT_FLAG_BROKEN_PROTCOL)
+       if (c->cert_flags & SSL_CERT_FLAG_BROKEN_PROTOCOL)
                return c->key;
 #endif
 
@@ -2431,7 +2432,7 @@ EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *cipher, const EVP_MD **pmd)
        /* Broken protocol test: use last key: which may
         * mismatch the one expected.
         */
-       if (c->cert_flags & SSL_CERT_FLAG_BROKEN_PROTCOL)
+       if (c->cert_flags & SSL_CERT_FLAG_BROKEN_PROTOCOL)
                idx = c->key - c->pkeys;
        else
 #endif