From: Dr. Stephen Henson Date: Wed, 13 May 2009 16:38:51 +0000 (+0000) Subject: Update from stable branch. X-Git-Tag: OpenSSL-fips-2_0-rc1~1671 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=6f71e5ee6af9db9c565456018ff6af81560bb98a;p=oweals%2Fopenssl.git Update from stable branch. --- diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 7b911ae1ea..df808e817b 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1343,6 +1343,9 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p, s->psk_client_callback == NULL) continue; #endif /* OPENSSL_NO_PSK */ + /* DTLS doesn't currently support ECDHE */ + if ((s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER) && (c->algorithm_mkey & SSL_kEECDH)) + continue; j = put_cb ? put_cb(c,p) : ssl_put_cipher_by_char(s,c,p); p+=j; } diff --git a/ssl/ssl_txt.c b/ssl/ssl_txt.c index 26dee73bfa..070161021b 100644 --- a/ssl/ssl_txt.c +++ b/ssl/ssl_txt.c @@ -117,6 +117,10 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) s="SSLv3"; else if (x->ssl_version == TLS1_VERSION) s="TLSv1"; + else if (x->ssl_version == DTLS1_VERSION) + s="DTLSv1"; + else if (x->ssl_version == DTLS1_BAD_VER) + s="DTLSv1-bad"; else s="unknown"; if (BIO_printf(bp," Protocol : %s\n",s) <= 0) goto err;