Disable TLS support...

Just kidding!

unifdef OPENSSL_NO_TLS since we will never want to actually do that.

ok deraadt@

3 files changed, 0 insertions, 8 deletions

diff --git a/lib/libssl/src/ssl/d1_pkt.c b/lib/libssl/src/ssl/d1_pkt.c
index 87916eb7638..b8fd4c92e5b 100644
--- a/lib/libssl/src/ssl/d1_pkt.c
+++ b/lib/libssl/src/ssl/d1_pkt.c
@@ -1161,13 +1161,11 @@ start:
 
 	switch (rr->type) {
 	default:
-#ifndef OPENSSL_NO_TLS
 		/* TLS just ignores unknown message types */
 		if (s->version == TLS1_VERSION) {
 			rr->length = 0;
 			goto start;
 		}
-#endif
 		al = SSL_AD_UNEXPECTED_MESSAGE;
 		SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNEXPECTED_RECORD);
 		goto f_err;
diff --git a/lib/libssl/src/ssl/s23_clnt.c b/lib/libssl/src/ssl/s23_clnt.c
index 1bc582364bd..7a42b1f0ea3 100644
--- a/lib/libssl/src/ssl/s23_clnt.c
+++ b/lib/libssl/src/ssl/s23_clnt.c
@@ -309,14 +309,10 @@ ssl23_client_hello(SSL *s)
 	 * answer is SSL_OP_NO_TLSv1|SSL_OP_NO_SSLv3|SSL_OP_NO_SSLv2.
 	 */
 	mask = SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1|SSL_OP_NO_SSLv3;
-#if !defined(OPENSSL_NO_TLS1_2_CLIENT)
 	version = TLS1_2_VERSION;
 
 	if ((options & SSL_OP_NO_TLSv1_2) && (options & mask) != mask)
 		version = TLS1_1_VERSION;
-#else
-	version = TLS1_1_VERSION;
-#endif
 	mask &= ~SSL_OP_NO_TLSv1_1;
 	if ((options & SSL_OP_NO_TLSv1_1) && (options & mask) != mask)
 		version = TLS1_VERSION;
diff --git a/lib/libssl/src/ssl/s3_pkt.c b/lib/libssl/src/ssl/s3_pkt.c
index e19aba55802..9af897eb47d 100644
--- a/lib/libssl/src/ssl/s3_pkt.c
+++ b/lib/libssl/src/ssl/s3_pkt.c
@@ -1304,7 +1304,6 @@ start:
 
 	switch (rr->type) {
 	default:
-#ifndef OPENSSL_NO_TLS
 		/*
 		 * TLS up to v1.1 just ignores unknown message types:
 		 * TLS v1.2 give an unexpected message alert.
@@ -1314,7 +1313,6 @@ start:
 			rr->length = 0;
 			goto start;
 		}
-#endif
 		al = SSL_AD_UNEXPECTED_MESSAGE;
 		SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNEXPECTED_RECORD);
 		goto f_err;