diff options
| author | David Benjamin <davidben@chromium.org> | 2014-07-15 08:54:26 +0400 |
|---|---|---|
| committer | Adam Langley <agl@google.com> | 2014-07-25 01:14:08 +0400 |
| commit | 060d9d2c563b3fbe00eff93e5033591504516e6c (patch) | |
| tree | 7de2c146ea4bb0fb4d04d6fd6b217f47f02a1565 /ssl/d1_srvr.c | |
| parent | 5ffeb7c22f367ba0094c3ef886ff6ec13ed63ded (diff) | |
Remove support code for export cipher suites.
Now the only case where temporary RSA keys are used on the server end is
non-signing keys.
Change-Id: I55f6c206e798dd28548c386fdffd555ccc395477
Reviewed-on: https://boringssl-review.googlesource.com/1285
Reviewed-by: Adam Langley <agl@google.com>
Diffstat (limited to 'ssl/d1_srvr.c')
| -rw-r--r-- | ssl/d1_srvr.c | 9 |
1 files changed, 1 insertions, 8 deletions
diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c index 5fe5a588..91b047a6 100644 --- a/ssl/d1_srvr.c +++ b/ssl/d1_srvr.c @@ -391,14 +391,7 @@ int dtls1_accept(SSL *s) */ if (ssl_cipher_requires_server_key_exchange(s->s3->tmp.new_cipher) || ((alg_a & SSL_aPSK) && s->session->psk_identity_hint) || - ((alg_k & SSL_kRSA) - && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL - || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) - && EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher) - ) - ) - ) - ) + ((alg_k & SSL_kRSA) && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL))) { dtls1_start_timer(s); ret=ssl3_send_server_key_exchange(s); |