From 8a8f3f13dd1fd3d25edeb39c5f7566180cd105f8 Mon Sep 17 00:00:00 2001
From: tedu <tedu@openbsd.org>
Date: Mon, 5 May 2014 15:03:22 +0000
Subject: Remove SRP and Kerberos support from libssl. These are complex
 protocols all on their own and we can't effectively maintain them without
 using them, which we don't. If the need arises, the code can be resurrected.

---
 lib/libssl/src/ssl/ssl_ciph.c | 4 ----
 1 file changed, 4 deletions(-)

(limited to 'lib/libssl/src/ssl/ssl_ciph.c')

diff --git a/lib/libssl/src/ssl/ssl_ciph.c b/lib/libssl/src/ssl/ssl_ciph.c
index 00ab752de1a..a1523524a1e 100644
--- a/lib/libssl/src/ssl/ssl_ciph.c
+++ b/lib/libssl/src/ssl/ssl_ciph.c
@@ -702,10 +702,8 @@ ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, unsigned long
 	*mkey |= SSL_kDHr|SSL_kDHd|SSL_kEDH;
 	*auth |= SSL_aDH;
 #endif
-#ifdef OPENSSL_NO_KRB5
 	*mkey |= SSL_kKRB5;
 	*auth |= SSL_aKRB5;
-#endif
 #ifdef OPENSSL_NO_ECDSA
 	*auth |= SSL_aECDSA;
 #endif
@@ -717,9 +715,7 @@ ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, unsigned long
 	*mkey |= SSL_kPSK;
 	*auth |= SSL_aPSK;
 #endif
-#ifdef OPENSSL_NO_SRP
 	*mkey |= SSL_kSRP;
-#endif
 	/* Check for presence of GOST 34.10 algorithms, and if they
 	 * do not present, disable  appropriate auth and key exchange */
 	if (!get_optional_pkey_id("gost94")) {
-- 
cgit v1.2.3-59-g8ed1b