summaryrefslogtreecommitdiff
path: root/lib/libssl/s3_srvr.c
diff options
context:
space:
mode:
Diffstat (limited to 'lib/libssl/s3_srvr.c')
-rw-r--r--lib/libssl/s3_srvr.c97
1 files changed, 1 insertions, 96 deletions
diff --git a/lib/libssl/s3_srvr.c b/lib/libssl/s3_srvr.c
index a3e62ea3239..200b3b6bf2e 100644
--- a/lib/libssl/s3_srvr.c
+++ b/lib/libssl/s3_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.69 2014/07/10 08:25:00 guenther Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.70 2014/07/10 08:51:14 tedu Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -884,9 +884,6 @@ ssl3_get_client_hello(SSL *s)
unsigned long id;
unsigned char *p, *d, *q;
SSL_CIPHER *c;
-#ifndef OPENSSL_NO_COMP
- SSL_COMP *comp = NULL;
-#endif
STACK_OF(SSL_CIPHER) *ciphers = NULL;
/*
@@ -1173,96 +1170,11 @@ ssl3_get_client_hello(SSL *s)
}
/*
- * Worst case, we will use the NULL compression, but if we have other
- * options, we will now look for them. We have i-1 compression
- * algorithms from the client, starting at q.
- */
- s->s3->tmp.new_compression = NULL;
-#ifndef OPENSSL_NO_COMP
- /* This only happens if we have a cache hit */
- if (s->session->compress_meth != 0) {
- int m, comp_id = s->session->compress_meth;
- /* Perform sanity checks on resumed compression algorithm */
- /* Can't disable compression */
- if (s->options & SSL_OP_NO_COMPRESSION) {
- al = SSL_AD_INTERNAL_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
- SSL_R_INCONSISTENT_COMPRESSION);
- goto f_err;
- }
- /* Look for resumed compression method */
- for (m = 0; m < sk_SSL_COMP_num(s->ctx->comp_methods); m++) {
- comp = sk_SSL_COMP_value(s->ctx->comp_methods, m);
- if (comp_id == comp->id) {
- s->s3->tmp.new_compression = comp;
- break;
- }
- }
- if (s->s3->tmp.new_compression == NULL) {
- al = SSL_AD_INTERNAL_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
- SSL_R_INVALID_COMPRESSION_ALGORITHM);
- goto f_err;
- }
- /* Look for resumed method in compression list */
- for (m = 0; m < i; m++) {
- if (q[m] == comp_id)
- break;
- }
- if (m >= i) {
- al = SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
- SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING);
- goto f_err;
- }
- } else if (s->hit)
- comp = NULL;
- else if (!(s->options & SSL_OP_NO_COMPRESSION) && s->ctx->comp_methods)
- { /* See if we have a match */
- int m, nn, o, v, done = 0;
-
- nn = sk_SSL_COMP_num(s->ctx->comp_methods);
- for (m = 0; m < nn; m++) {
- comp = sk_SSL_COMP_value(s->ctx->comp_methods, m);
- v = comp->id;
- for (o = 0; o < i; o++) {
- if (v == q[o]) {
- done = 1;
- break;
- }
- }
- if (done)
- break;
- }
- if (done)
- s->s3->tmp.new_compression = comp;
- else
- comp = NULL;
- }
-#else
- /*
- * If compression is disabled we'd better not try to resume a session
- * using compression.
- */
- if (s->session->compress_meth != 0) {
- al = SSL_AD_INTERNAL_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
- SSL_R_INCONSISTENT_COMPRESSION);
- goto f_err;
- }
-#endif
-
- /*
* Given s->session->ciphers and SSL_get_ciphers, we must
* pick a cipher
*/
if (!s->hit) {
-#ifdef OPENSSL_NO_COMP
- s->session->compress_meth = 0;
-#else
- s->session->compress_meth = (comp == NULL) ? 0 : comp->id;
-#endif
if (s->session->ciphers != NULL)
sk_SSL_CIPHER_free(s->session->ciphers);
s->session->ciphers = ciphers;
@@ -1405,14 +1317,7 @@ ssl3_send_server_hello(SSL *s)
p += i;
/* put the compression method */
-#ifdef OPENSSL_NO_COMP
*(p++) = 0;
-#else
- if (s->s3->tmp.new_compression == NULL)
- *(p++) = 0;
- else
- *(p++) = s->s3->tmp.new_compression->id;
-#endif
if (ssl_prepare_serverhello_tlsext(s) <= 0) {
SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,
SSL_R_SERVERHELLO_TLSEXT);