From: Dr. Stephen Henson Date: Tue, 16 Feb 2010 14:20:40 +0000 (+0000) Subject: PR: 2171 X-Git-Tag: OpenSSL_1_0_0~49 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=45d6a15ae97fce06d50a5b33d403a44c39d89ff8;p=oweals%2Fopenssl.git PR: 2171 Submitted by: Tomas Mraz Since SSLv2 doesn't support renegotiation at all don't reject it if legacy renegotiation isn't enabled. Also can now use SSL2 compatible client hello because RFC5746 supports it. --- diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c index 53e080ee8e..c4d8bf2eb3 100644 --- a/ssl/s23_clnt.c +++ b/ssl/s23_clnt.c @@ -305,9 +305,6 @@ static int ssl23_client_hello(SSL *s) ssl2_compat = 0; if (s->tlsext_status_type != -1) ssl2_compat = 0; - if (!(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) - ssl2_compat = 0; - #ifdef TLSEXT_TYPE_opaque_prf_input if (s->ctx->tlsext_opaque_prf_input_callback != 0 || s->tlsext_opaque_prf_input != NULL) ssl2_compat = 0; diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c index fe479fcbcb..836dd1f1cf 100644 --- a/ssl/s23_srvr.c +++ b/ssl/s23_srvr.c @@ -495,11 +495,6 @@ int ssl23_get_client_hello(SSL *s) SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL); goto err; #else - if (!(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) - { - SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); - goto err; - } /* we are talking sslv2 */ /* we need to clean up the SSLv3/TLSv1 setup and put in the * sslv2 stuff. */