remove ssl2 support even more completely.

in the process, always include ssl3 and tls1, we don't need config options
for them. when the time comes to expire ssl3, it will be with an ax.
checked by miod

1 files changed, 0 insertions, 44 deletions

diff --git a/lib/libssl/src/ssl/s23_srvr.c b/lib/libssl/src/ssl/s23_srvr.c
index ca95d4e6362..a6062667a0f 100644
--- a/lib/libssl/src/ssl/s23_srvr.c
+++ b/lib/libssl/src/ssl/s23_srvr.c
@@ -121,10 +121,6 @@ int ssl23_get_client_hello(SSL *s);
 static const SSL_METHOD
 *ssl23_get_server_method(int ver)
 {
-#ifndef OPENSSL_NO_SSL2
-	if (ver == SSL2_VERSION)
-		return (SSLv2_server_method());
-#endif
 	if (ver == SSL3_VERSION)
 		return (SSLv3_server_method());
 	else if (ver == TLS1_VERSION)
@@ -480,48 +476,8 @@ ssl23_get_client_hello(SSL *s)
 	/* s->state = SSL23_SR_CLNT_HELLO_C */
 
 	if (type == 1) {
-#ifdef OPENSSL_NO_SSL2
 		SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_UNSUPPORTED_PROTOCOL);
 		goto err;
-#else
-		/* we are talking sslv2 */
-		/* we need to clean up the SSLv3/TLSv1 setup and put in the
-		 * sslv2 stuff. */
-
-		if (s->s2 == NULL) {
-			if (!ssl2_new(s))
-				goto err;
-		} else
-			ssl2_clear(s);
-
-		if (s->s3 != NULL)
-			ssl3_free(s);
-
-		if (!BUF_MEM_grow_clean(s->init_buf,
-			SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)) {
-			goto err;
-		}
-
-		s->state = SSL2_ST_GET_CLIENT_HELLO_A;
-		if (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3)
-			s->s2->ssl2_rollback = 0;
-		else
-			/* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0
-			 * (SSL 3.0 draft/RFC 2246, App. E.2) */
-		s->s2->ssl2_rollback = 1;
-
-		/* setup the n bytes we have read so we get them from
-		 * the sslv2 buffer */
-		s->rstate = SSL_ST_READ_HEADER;
-		s->packet_length = n;
-		s->packet = &(s->s2->rbuf[0]);
-		memcpy(s->packet, buf, n);
-		s->s2->rbuf_left = n;
-		s->s2->rbuf_offs = 0;
-
-		s->method = SSLv2_server_method();
-		s->handshake_func = s->method->ssl_accept;
-#endif
 	}
 
 	if ((type == 2) || (type == 3)) {