From d92f0bb6e9ed94ac0c3aa0c939f2565f2ed95935 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Lutz=20J=C3=A4nicke?= <jaenicke@openssl.org>
Date: Wed, 1 Aug 2001 10:06:32 +0000
Subject: [PATCH] Remove SSL_OP_NON_EXPORT_FIRST: It did not work, it was
 deactivated by #if 0/#endif anyway _and_ we now have the working
 SSL_OP_CIPHER_SERVER_PREFERENCE.

---
 ssl/s23_srvr.c | 66 --------------------------------------------------
 ssl/ssl.h      |  4 +--
 2 files changed, 1 insertion(+), 69 deletions(-)

diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c
index 131054b411..e0abbaf834 100644
--- a/ssl/s23_srvr.c
+++ b/ssl/s23_srvr.c
@@ -270,72 +270,6 @@ int ssl23_get_client_hello(SSL *s)
 				else if (!(s->options & SSL_OP_NO_SSLv2))
 					type=1;
 
-				if (s->options & SSL_OP_NON_EXPORT_FIRST)
-					/* Not only utterly confusing, but broken
-					 * ('fractured programming'?) -- the details
-					 * of this block nearly make it work
-					 * as intended in this environment, but on one
-					 * of the fine points (w.r.t. restarts) it fails.
-					 * The obvious fix would be even more devastating
-					 * to program structure; if you want the functionality,
-					 * throw this away and implement it in a way
-					 * that makes sense */
-					{
-#if 0
-					STACK_OF(SSL_CIPHER) *sk;
-					SSL_CIPHER *c;
-					int ne2,ne3;
-
-					j=((p[0]&0x7f)<<8)|p[1];
-					if (j > (1024*4))
-						{
-						SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_LARGE);
-						goto err;
-						}
-
-					n=ssl23_read_bytes(s,j+2);
-					if (n <= 0) return(n);
-					p=s->packet;
-
-					if ((buf=OPENSSL_malloc(n)) == NULL)
-						{
-						SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,ERR_R_MALLOC_FAILURE);
-						goto err;
-						}
-					memcpy(buf,p,n);
-
-					p+=5;
-					n2s(p,csl);
-					p+=4;
-
-					sk=ssl_bytes_to_cipher_list(
-						s,p,csl,NULL);
-					if (sk != NULL)
-						{
-						ne2=ne3=0;
-						for (j=0; j<sk_SSL_CIPHER_num(sk); j++)
-							{
-							c=sk_SSL_CIPHER_value(sk,j);
-							if (!SSL_C_IS_EXPORT(c))
-								{
-								if ((c->id>>24L) == 2L)
-									ne2=1;
-								else
-									ne3=1;
-								}
-							}
-						if (ne2 && !ne3)
-							{
-							type=1;
-							use_sslv2_strong=1;
-							goto next_bit;
-							}
-						}
-#else
-					SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_OPTION);
-					goto err;
-#endif
-					}
 				}
 			}
 		else if ((p[0] == SSL3_RT_HANDSHAKE) &&
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 8d9c988fae..dc80ae9e43 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -347,9 +347,7 @@ typedef struct ssl_session_st
 #define SSL_OP_PKCS1_CHECK_1				0x08000000L
 #define SSL_OP_PKCS1_CHECK_2				0x10000000L
 #define SSL_OP_NETSCAPE_CA_DN_BUG			0x20000000L
-/* SSL_OP_NON_EXPORT_FIRST looks utterly broken .. */
-#define SSL_OP_NON_EXPORT_FIRST 			0x40000000L
-#define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG		0x80000000L
+#define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG		0x40000000L
 #define SSL_OP_ALL					0x000FFFFFL
 
 #define SSL_OP_NO_SSLv2					0x01000000L
-- 
2.34.1