Update from 1.0.0-stable.
authorDr. Stephen Henson <steve@openssl.org>
Sat, 16 May 2009 11:16:43 +0000 (11:16 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Sat, 16 May 2009 11:16:43 +0000 (11:16 +0000)
ssl/d1_lib.c
ssl/ssl_lib.c

index 6450c1d..58ea863 100644 (file)
@@ -203,6 +203,9 @@ const SSL_CIPHER *dtls1_get_cipher(unsigned int u)
                {
                if (ciph->algorithm_enc == SSL_RC4)
                        return NULL;
+               /* We currently don't support ECDH either */
+               if (ciph->algorithm_mkey & SSL_kEECDH)
+                       return NULL;
                }
 
        return ciph;
index df808e8..7b911ae 100644 (file)
@@ -1343,9 +1343,6 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
                    s->psk_client_callback == NULL)
                        continue;
 #endif /* OPENSSL_NO_PSK */
-               /* DTLS doesn't currently support ECDHE */
-               if ((s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER) && (c->algorithm_mkey & SSL_kEECDH))
-                       continue;
                j = put_cb ? put_cb(c,p) : ssl_put_cipher_by_char(s,c,p);
                p+=j;
                }