6332476 CAN-2005-2969 upgrade OpenSSL to 0.9.7h or 0.9.8a

2 files changed, 3 insertions, 8 deletions

diff --git a/usr/src/common/openssl/ssl/s23_srvr.c b/usr/src/common/openssl/ssl/s23_srvr.c
index c5404ca0bc..5139477eb7 100644
--- a/usr/src/common/openssl/ssl/s23_srvr.c
+++ b/usr/src/common/openssl/ssl/s23_srvr.c
@@ -268,9 +268,6 @@ int ssl23_get_client_hello(SSL *s)
 	int n=0,j;
 	int type=0;
 	int v[2];
-#ifndef OPENSSL_NO_RSA
-	int use_sslv2_strong=0;
-#endif
 
 	if (s->state ==	SSL23_ST_SR_CLNT_HELLO_A)
 		{
@@ -519,9 +516,7 @@ int ssl23_get_client_hello(SSL *s)
 			}
 
 		s->state=SSL2_ST_GET_CLIENT_HELLO_A;
-		if ((s->options & SSL_OP_MSIE_SSLV2_RSA_PADDING) ||
-			use_sslv2_strong ||
-			(s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3))
+		if (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3)
 			s->s2->ssl2_rollback=0;
 		else
 			/* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0
diff --git a/usr/src/common/openssl/ssl/ssl.h b/usr/src/common/openssl/ssl/ssl.h
index 3957fc7d98..9261f28ea9 100644
--- a/usr/src/common/openssl/ssl/ssl.h
+++ b/usr/src/common/openssl/ssl/ssl.h
@@ -165,7 +165,7 @@
 /*
  * The portions of this code that are #ifdef CRYPTO_UNLIMITED are
  *
- * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  *
  */
@@ -479,7 +479,7 @@ typedef struct ssl_session_st
 #define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG		0x00000008L
 #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG		0x00000010L
 #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER		0x00000020L
-#define SSL_OP_MSIE_SSLV2_RSA_PADDING			0x00000040L
+#define SSL_OP_MSIE_SSLV2_RSA_PADDING			0x00000040L /* no effect since 0.9.7h and 0.9.8b */
 #define SSL_OP_SSLEAY_080_CLIENT_DH_BUG			0x00000080L
 #define SSL_OP_TLS_D5_BUG				0x00000100L
 #define SSL_OP_TLS_BLOCK_PADDING_BUG			0x00000200L