remove ancient SSLeay bug workaround
authorDr. Stephen Henson <steve@openssl.org>
Sat, 12 Dec 2015 18:39:38 +0000 (18:39 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Sun, 13 Dec 2015 00:43:43 +0000 (00:43 +0000)
Reviewed-by: Matt Caswell <matt@openssl.org>
include/openssl/ssl.h
ssl/statem/statem_srvr.c

index 81a3ed7044268be9c7af9a5ac69671b054598503..04ce44499a8c943539ef73bae848dd248dd8bde5 100644 (file)
@@ -364,7 +364,8 @@ typedef int (*custom_ext_parse_cb) (SSL *s, unsigned int ext_type,
 # define SSL_OP_TLSEXT_PADDING                           0x00000010U
 # define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER               0x00000020U
 # define SSL_OP_SAFARI_ECDHE_ECDSA_BUG                   0x00000040U
-# define SSL_OP_SSLEAY_080_CLIENT_DH_BUG                 0x00000080U
+/* Ancient SSLeay version, retained for compatibility */
+# define SSL_OP_SSLEAY_080_CLIENT_DH_BUG                 0x0
 # define SSL_OP_TLS_D5_BUG                               0x00000100U
 /* Removed from OpenSSL 1.1.0 */
 # define SSL_OP_TLS_BLOCK_PADDING_BUG                    0x0U
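Review bot: The new value on the `SSL_OP_SSLEAY_080_CLIENT_DH_BUG` line is `0x0`, a signed int, while the other options in this block, including the already-retired `SSL_OP_TLS_BLOCK_PADDING_BUG`, carry the `U` suffix. `# define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x0U` would keep the type consistent for callers that OR option values together. The added comment would also be clearer if it said the flag is now a no-op, for example `/* No longer has any effect; kept so existing callers still compile */`, or the define could move under the existing `/* Removed from OpenSSL 1.1.0 */` heading two lines below. Bit 0x00000080 is now unassigned, so any aggregate option mask defined outside this hunk that still covers it is worth checking.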
index 51dcc9eee818d0348b4e8da81437073f64ce162b..6c6e41dcb358c5ae34937fbd364baa3e9f2423ae 100644 (file)
@@ -2421,14 +2421,9 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
             i = 0;
         }
         if (PACKET_remaining(pkt) != i) {
-            if (!(s->options & SSL_OP_SSLEAY_080_CLIENT_DH_BUG)) {
-                SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
-                       SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
-                goto err;
-            } else {
-                *pkt = bookmark;
-                i = PACKET_remaining(pkt);
-            }
+            SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
+                   SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
+            goto err;
         }
         if (alg_k & SSL_kDHr)
             idx = SSL_PKEY_DH_RSA;
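Review bot: With the `else` branch removed, nothing in this hunk reads `bookmark` any more. If its declaration and assignment were left in place outside the hunk, they are now dead code and will likely raise a set-but-unused warning, so they should go in the same commit. The length-mismatch path also jumps to `err`. Whether the peer receives an alert (a decode error would be the natural one) depends on code outside the hunk and is worth confirming, since a silent connection drop is harder to diagnose from the client side. A short comment above the check would help future readers, for example `/* DH public value must fill the rest of the message exactly */`. The body of tls_process_client_key_exchange starts and ends outside this hunk.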