summaryrefslogtreecommitdiff
path: root/core/openssl/disable-tls12-client.patch
blob: edb87e77f17f913e7125eaf16d50dcee5bc92867 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
Index: openssl/ssl/t1_lib.c
RCS File: /v/openssl/cvs/openssl/ssl/t1_lib.c,v
rcsdiff -q -kk '-r1.64.2.14.2.31' '-r1.64.2.14.2.32' -u '/v/openssl/cvs/openssl/ssl/t1_lib.c,v' 2>/dev/null
--- t1_lib.c	2012/02/27 16:38:10	1.64.2.14.2.31
+++ t1_lib.c	2012/03/21 21:32:57	1.64.2.14.2.32
@@ -544,7 +544,7 @@
 		}
 		skip_ext:
 
-	if (TLS1_get_version(s) >= TLS1_2_VERSION)
+	if (TLS1_get_client_version(s) >= TLS1_2_VERSION)
 		{
 		if ((size_t)(limit - ret) < sizeof(tls12_sigalgs) + 6)
 			return NULL; 
Index: openssl/ssl/s23_clnt.c
RCS File: /v/openssl/cvs/openssl/ssl/s23_clnt.c,v
rcsdiff -q -kk '-r1.43.2.4.2.5' '-r1.43.2.4.2.6' -u '/v/openssl/cvs/openssl/ssl/s23_clnt.c,v' 2>/dev/null
--- s23_clnt.c	2011/05/19 18:22:15	1.43.2.4.2.5
+++ s23_clnt.c	2012/03/29 19:08:54	1.43.2.4.2.6
@@ -287,12 +287,14 @@
 
 	if (ssl2_compat && ssl23_no_ssl2_ciphers(s))
 		ssl2_compat = 0;
-
+#ifndef OPENSSL_NO_TLS1_2_CLIENT
 	if (!(s->options & SSL_OP_NO_TLSv1_2))
 		{
 		version = TLS1_2_VERSION;
 		}
-	else if (!(s->options & SSL_OP_NO_TLSv1_1))
+	else
+#endif
+	if (!(s->options & SSL_OP_NO_TLSv1_1))
 		{
 		version = TLS1_1_VERSION;
 		}