← Back to branch summary

~ubuntu-branches/ubuntu/lucid/openssl/lucid-proposed

« back to all changes in this revision

Viewing changes to ssl/s23_clnt.c

  • Committer: Bazaar Package Importer
  • Author(s): Nicolas Valcárcel Scerpella (Canonical)
  • Date: 2009-12-06 20:16:24 UTC
  • mfrom: (11.1.9 sid)
  • Revision ID: james.westby@ubuntu.com-20091206201624-u126qjpqm2n2uuhu
Tags: 0.9.8k-7ubuntu1
https://launchpad.net/bugs/493392
* Merge from debian unstable, remaining changes (LP: #493392):
  - Link using -Bsymbolic-functions
  - Add support for lpia
  - Disable SSLv2 during compile
  - Ship documentation in openssl-doc, suggested by the package.
  - Use a different priority for libssl0.9.8/restart-services
    depending on whether a desktop, or server dist-upgrade is being
    performed.
  - Display a system restart required notification bubble on libssl0.9.8
    upgrade.
  - Replace duplicate files in the doc directory with symlinks.
  - Move runtime libraries to /lib, for the benefit of wpasupplicant
* Strip the patches out of the source into quilt patches
* Disable CVE-2009-3555.patch

Show diffs side-by-side

added added

removed removed

Lines of Context:
ssl/s23_clnt.c
230
230
 
231
231
                if (s->tlsext_hostname != NULL)
232
232
                        ssl2_compat = 0;
 
233
                if (s->tlsext_status_type != -1)
 
234
                        ssl2_compat = 0;
233
235
                }
234
236
#endif
235
237
 
255
257
                        version_major = TLS1_VERSION_MAJOR;
256
258
                        version_minor = TLS1_VERSION_MINOR;
257
259
                        }
 
260
#ifdef OPENSSL_FIPS
 
261
                else if(FIPS_mode())
 
262
                        {
 
263
                        SSLerr(SSL_F_SSL23_CLIENT_HELLO,
 
264
                                        SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
 
265
                        return -1;
 
266
                        }
 
267
#endif
258
268
                else if (version == SSL3_VERSION)
259
269
                        {
260
270
                        version_major = SSL3_VERSION_MAJOR;
534
544
                if ((p[2] == SSL3_VERSION_MINOR) &&
535
545
                        !(s->options & SSL_OP_NO_SSLv3))
536
546
                        {
 
547
#ifdef OPENSSL_FIPS
 
548
                        if(FIPS_mode())
 
549
                                {
 
550
                                SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,
 
551
                                        SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
 
552
                                goto err;
 
553
                                }
 
554
#endif
537
555
                        s->version=SSL3_VERSION;
538
556
                        s->method=SSLv3_client_method();
539
557
                        }