From e27a4fbc59fc24c61dde4d346e8ef3d550365271 Mon Sep 17 00:00:00 2001
From: jsing <jsing@openbsd.org>
Date: Fri, 30 May 2014 14:01:11 +0000
Subject: Make use of SSL_IS_DTLS, SSL_USE_EXPLICIT_IV, SSL_USE_SIGALGS and
 SSL_USE_TLS1_2_CIPHERS.

Largely based on OpenSSL head.
---
 lib/libssl/t1_lib.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

(limited to 'lib/libssl/t1_lib.c')

diff --git a/lib/libssl/t1_lib.c b/lib/libssl/t1_lib.c
index b15465d5500..fa70f21f95a 100644
--- a/lib/libssl/t1_lib.c
+++ b/lib/libssl/t1_lib.c
@@ -2028,7 +2028,7 @@ tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
 	if (p >= limit)
 		return -1;
 	/* Skip past DTLS cookie */
-	if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER) {
+	if (SSL_IS_DTLS(s)) {
 		i = *(p++);
 		p += i;
 		if (p >= limit)
@@ -2296,9 +2296,10 @@ tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize)
 	const EVP_MD *md;
 	CERT *c = s->cert;
 
-	/* Extension ignored for TLS versions below 1.2 */
-	if (TLS1_get_version(s) < TLS1_2_VERSION)
+	/* Extension ignored for inappropriate versions */
+	if (!SSL_USE_SIGALGS(s))
 		return 1;
+
 	/* Should never happen */
 	if (!c)
 		return 0;
-- 
cgit v1.2.3-59-g8ed1b