Remove SSL_OP_NON_EXPORT_FIRST:
authorLutz Jänicke <jaenicke@openssl.org>
Wed, 1 Aug 2001 10:06:32 +0000 (10:06 +0000)
committerLutz Jänicke <jaenicke@openssl.org>
Wed, 1 Aug 2001 10:06:32 +0000 (10:06 +0000)
It did not work, it was deactivated by #if 0/#endif anyway _and_ we now have
the working SSL_OP_CIPHER_SERVER_PREFERENCE.

ssl/s23_srvr.c
ssl/ssl.h

index 131054b..e0abbaf 100644 (file)
@@ -270,72 +270,6 @@ int ssl23_get_client_hello(SSL *s)
                                else if (!(s->options & SSL_OP_NO_SSLv2))
                                        type=1;
 
-                               if (s->options & SSL_OP_NON_EXPORT_FIRST)
-                                       /* Not only utterly confusing, but broken
-                                        * ('fractured programming'?) -- the details
-                                        * of this block nearly make it work
-                                        * as intended in this environment, but on one
-                                        * of the fine points (w.r.t. restarts) it fails.
-                                        * The obvious fix would be even more devastating
-                                        * to program structure; if you want the functionality,
-                                        * throw this away and implement it in a way
-                                        * that makes sense */
-                                       {
-#if 0
-                                       STACK_OF(SSL_CIPHER) *sk;
-                                       SSL_CIPHER *c;
-                                       int ne2,ne3;
-
-                                       j=((p[0]&0x7f)<<8)|p[1];
-                                       if (j > (1024*4))
-                                               {
-                                               SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_LARGE);
-                                               goto err;
-                                               }
-
-                                       n=ssl23_read_bytes(s,j+2);
-                                       if (n <= 0) return(n);
-                                       p=s->packet;
-
-                                       if ((buf=OPENSSL_malloc(n)) == NULL)
-                                               {
-                                               SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,ERR_R_MALLOC_FAILURE);
-                                               goto err;
-                                               }
-                                       memcpy(buf,p,n);
-
-                                       p+=5;
-                                       n2s(p,csl);
-                                       p+=4;
-
-                                       sk=ssl_bytes_to_cipher_list(
-                                               s,p,csl,NULL);
-                                       if (sk != NULL)
-                                               {
-                                               ne2=ne3=0;
-                                               for (j=0; j<sk_SSL_CIPHER_num(sk); j++)
-                                                       {
-                                                       c=sk_SSL_CIPHER_value(sk,j);
-                                                       if (!SSL_C_IS_EXPORT(c))
-                                                               {
-                                                               if ((c->id>>24L) == 2L)
-                                                                       ne2=1;
-                                                               else
-                                                                       ne3=1;
-                                                               }
-                                                       }
-                                               if (ne2 && !ne3)
-                                                       {
-                                                       type=1;
-                                                       use_sslv2_strong=1;
-                                                       goto next_bit;
-                                                       }
-                                               }
-#else
-                                       SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_OPTION);
-                                       goto err;
-#endif
-                                       }
                                }
                        }
                else if ((p[0] == SSL3_RT_HANDSHAKE) &&
index 8d9c988..dc80ae9 100644 (file)
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -347,9 +347,7 @@ typedef struct ssl_session_st
 #define SSL_OP_PKCS1_CHECK_1                           0x08000000L
 #define SSL_OP_PKCS1_CHECK_2                           0x10000000L
 #define SSL_OP_NETSCAPE_CA_DN_BUG                      0x20000000L
-/* SSL_OP_NON_EXPORT_FIRST looks utterly broken .. */
-#define SSL_OP_NON_EXPORT_FIRST                        0x40000000L
-#define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG         0x80000000L
+#define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG         0x40000000L
 #define SSL_OP_ALL                                     0x000FFFFFL
 
 #define SSL_OP_NO_SSLv2                                        0x01000000L