authordoug <doug@openbsd.org>2015-06-15 03:32:59 +0000
committerdoug <doug@openbsd.org>2015-06-15 03:32:59 +0000
commite30748dd3c2511101efea0cdecd95af3bcc0efcb (patch)
treef9a7ca3ed2756f398ac88962a87d1f3da3df98de /lib/libssl/src
parentUpdate SSL_OP_* to remove ancient hacks that are no longer enabled. (diff)
Remove 1997's compat hack SSL_OP_SSLEAY_080_CLIENT_DH_BUG.
This is a hack for an old version of SSLeay which predates OpenSSL.
Diffstat (limited to 'lib/libssl/src')
-rw-r--r--lib/libssl/src/doc/ssl/SSL_CTX_set_options.36
-rw-r--r--lib/libssl/src/ssl/s3_srvr.c13
2 files changed, 8 insertions, 11 deletions
diff --git a/lib/libssl/src/doc/ssl/SSL_CTX_set_options.3 b/lib/libssl/src/doc/ssl/SSL_CTX_set_options.3
index b940c3d7d07..bacd3b84f01 100644
--- a/lib/libssl/src/doc/ssl/SSL_CTX_set_options.3
+++ b/lib/libssl/src/doc/ssl/SSL_CTX_set_options.3
@@ -1,5 +1,5 @@
.\"
-.\" $OpenBSD: SSL_CTX_set_options.3,v 1.3 2015/06/15 02:57:05 doug Exp $
+.\" $OpenBSD: SSL_CTX_set_options.3,v 1.4 2015/06/15 03:32:59 doug Exp $
.\"
.Dd $Mdocdate: June 15 2015 $
.Dt SSL_CTX_SET_OPTIONS 3
@@ -119,7 +119,9 @@ this option has no effect.
Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X.
OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers.
.It Dv SSL_OP_SSLEAY_080_CLIENT_DH_BUG
-\&...
+As of
+.Ox 5.8 ,
+this option has no effect.
.It Dv SSL_OP_TLS_D5_BUG
\&...
.It Dv SSL_OP_TLS_BLOCK_PADDING_BUG
diff --git a/lib/libssl/src/ssl/s3_srvr.c b/lib/libssl/src/ssl/s3_srvr.c
index 921d7797809..7f6a5a0bbde 100644
--- a/lib/libssl/src/ssl/s3_srvr.c
+++ b/lib/libssl/src/ssl/s3_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.103 2015/05/15 11:00:14 jsg Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.104 2015/06/15 03:32:59 doug Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -1867,14 +1867,9 @@ ssl3_get_client_key_exchange(SSL *s)
goto truncated;
n2s(p, i);
if (n != i + 2) {
- if (!(s->options & SSL_OP_SSLEAY_080_CLIENT_DH_BUG)) {
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
- SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
- goto err;
- } else {
- p -= 2;
- i = (int)n;
- }
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
+ goto err;
}
if (n == 0L) {
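Review bot: With the compat branch removed, the `if (n == 0L)` test on the last line of this hunk can no longer be true. Every message that reaches it has passed `n != i + 2`, and `n2s` reads an unsigned 16-bit length into `i`, so `n` is at least 2 there. If the intent is to reject an empty DH public value before it is parsed, the test should look at the length field instead, e.g. `if (i == 0) {`; otherwise the dead branch can be dropped in a follow-up. The body of that branch and the rest of ssl3_get_client_key_exchange lie outside the hunk, so confirm what the branch reports before changing it.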