commit a69b00f3432cbf516436c5cecdd177d14f3c4a5a
author Brian Carlstrom <bdc@google.com> Fri Mar 12 12:19:27 2010 -0800
committer Brian Carlstrom <bdc@google.com> Fri Mar 12 12:19:27 2010 -0800
tree ce931b57759ecd354bbde5211bd28dfc8e0ee923
parent 36fa7aa6abef21886f646867077ebf07088d428c

b/2453395 cannot reach sslvpn.broadcom.com

Disabled handshake_cutthrough.patch in openssl.config

Change-Id: I4fe837876198dcf0593c5f5d32174d8af76f3f9f

ssl/s3_clnt.c

diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 5893064..e5138b6 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -182,13 +182,6 @@
 	
 	s->in_handshake++;
 	if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 
-	if (SSL_get_mode(s) & SSL_MODE_HANDSHAKE_CUTTHROUGH)
-		{
-		/* Reneotiation complicates the state machine */
-		s->s3->flags |= SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS;
-		/* Send app data along with CCS/Finished */
-		s->s3->flags |= SSL3_FLAGS_DELAY_CLIENT_FINISHED;
-		}
 
 	for (;;)
 		{
@@ -457,29 +450,14 @@
 				}
 			else
 				{
-				if ((SSL_get_mode(s) & SSL_MODE_HANDSHAKE_CUTTHROUGH) && SSL_get_cipher_bits(s, NULL) >= 128)
-					{
-					if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED)
-						{
-						s->state=SSL3_ST_CUTTHROUGH_COMPLETE;
-						s->s3->flags|=SSL3_FLAGS_POP_BUFFER;
-						s->s3->delay_buf_pop_ret=0;
-						}
-					else
-						{
-						s->s3->tmp.next_state=SSL3_ST_CUTTHROUGH_COMPLETE;
-						}
-					}
-				else
-					{
 #ifndef OPENSSL_NO_TLSEXT
-					/* Allow NewSessionTicket if ticket expected */
-					if (s->tlsext_ticket_expected)
-						s->s3->tmp.next_state=SSL3_ST_CR_SESSION_TICKET_A;
-					else
+				/* Allow NewSessionTicket if ticket expected */
+				if (s->tlsext_ticket_expected)
+					s->s3->tmp.next_state=SSL3_ST_CR_SESSION_TICKET_A;
+				else
 #endif
-						s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A;
-					}
+				
+				s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A;
 				}
 			s->init_num=0;
 			break;
@@ -527,24 +505,6 @@
 			s->state=s->s3->tmp.next_state;
 			break;
 
-		case SSL3_ST_CUTTHROUGH_COMPLETE:
-#ifndef OPENSSL_NO_TLSEXT
-			/* Allow NewSessionTicket if ticket expected */
-			if (s->tlsext_ticket_expected)
-				s->state=SSL3_ST_CR_SESSION_TICKET_A;
-			else
-#endif
-				s->state=SSL3_ST_CR_FINISHED_A;
-
-			/* SSL_write() will take care of flushing buffered data if
-			 * DELAY_CLIENT_FINISHED is set.
-			 */
-			if (!(s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED))
-				ssl_free_wbio_buffer(s);
-			ret = 1;
-			goto end;
-			/* break; */
-
 		case SSL_ST_OK:
 			/* clean a few things up */
 			ssl3_cleanup_key_block(s);