diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 7edda2a7..1c3c55a5 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -438,10 +438,8 @@ struct ssl_session_st unsigned int sid_ctx_length; unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; -#ifndef OPENSSL_NO_PSK char *psk_identity_hint; char *psk_identity; -#endif /* Used to indicate that session resumption is not allowed. * Applications can also set this bit for a new session via * not_resumable_session_cb to disable session caching and tickets. */ @@ -1011,14 +1009,12 @@ struct ssl_ctx_st int (*tlsext_status_cb)(SSL *ssl, void *arg); void *tlsext_status_arg; -#ifndef OPENSSL_NO_PSK char *psk_identity_hint; unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, char *identity, unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len); unsigned int (*psk_server_callback)(SSL *ssl, const char *identity, unsigned char *psk, unsigned int max_psk_len); -#endif #ifndef OPENSSL_NO_BUF_FREELISTS #define SSL_MAX_BUF_FREELIST_LEN_DEFAULT 32 @@ -1201,7 +1197,6 @@ void SSL_CTX_set_alpn_select_cb(SSL_CTX* ctx, void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data, unsigned *len); -#ifndef OPENSSL_NO_PSK /* the maximum length of the buffer given to callbacks containing the * resulting identity/psk */ #define PSK_MAX_IDENTITY_LEN 128 @@ -1224,7 +1219,6 @@ int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint); int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint); const char *SSL_get_psk_identity_hint(const SSL *s); const char *SSL_get_psk_identity(const SSL *s); -#endif #define SSL_NOTHING 1 #define SSL_WRITING 2 
@@ -1372,7 +1366,6 @@ struct ssl_st int error; /* error bytes to be written */ int error_code; /* actual code */ -#ifndef OPENSSL_NO_PSK /* PSK identity hint is stored here only to enable setting a hint on an SSL object before an * SSL_SESSION is associated with it. Once an SSL_SESSION is associated with this SSL object, * the psk_identity_hint from the session takes precedence over this one. */ @@ -1382,7 +1375,6 @@ struct ssl_st unsigned int max_psk_len); unsigned int (*psk_server_callback)(SSL *ssl, const char *identity, unsigned char *psk, unsigned int max_psk_len); -#endif SSL_CTX *ctx; /* set this flag to 1 and a sleep(1) is put into all SSL_read() diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c index f0dbe378..59c5ec3f 100644 --- a/ssl/d1_srvr.c +++ b/ssl/d1_srvr.c @@ -393,9 +393,7 @@ int dtls1_accept(SSL *s) if (s->s3->tmp.use_rsa_tmp /* PSK: send ServerKeyExchange if PSK identity * hint if provided */ -#ifndef OPENSSL_NO_PSK || ((alg_k & SSL_kPSK) && s->session->psk_identity_hint) -#endif || (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) || (alg_k & SSL_kEECDH) || ((alg_k & SSL_kRSA) diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index d2dd3b53..3ed360d8 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -1249,7 +1249,6 @@ int ssl3_get_server_key_exchange(SSL *s) return -1; } -#ifndef OPENSSL_NO_PSK /* In plain PSK ciphersuite, ServerKeyExchange can be omitted if no identity hint is sent. Set session->sess_cert anyway to avoid problems @@ -1267,7 +1266,6 @@ int ssl3_get_server_key_exchange(SSL *s) s->session->psk_identity_hint = NULL; } } -#endif s->s3->tmp.reuse_message=1; return(1); } @@ -1308,7 +1306,6 @@ int ssl3_get_server_key_exchange(SSL *s) alg_a=s->s3->tmp.new_cipher->algorithm_auth; EVP_MD_CTX_init(&md_ctx); -#ifndef OPENSSL_NO_PSK if (alg_a & SSL_aPSK) { CBS psk_identity_hint; @@ -1346,7 +1343,6 @@ int ssl3_get_server_key_exchange(SSL *s) goto f_err; } } -#endif /* !OPENSSL_NO_PSK */ if (0) {} else if (alg_k & SSL_kRSA) 
@@ -2010,10 +2006,8 @@ int ssl3_send_client_key_exchange(SSL *s) unsigned char *encodedPoint = NULL; int encoded_pt_len = 0; BN_CTX * bn_ctx = NULL; -#ifndef OPENSSL_NO_PSK unsigned int psk_len = 0; unsigned char psk[PSK_MAX_PSK_LEN]; -#endif /* OPENSSL_NO_PSK */ #endif /* OPENSSL_NO_ECDH */ if (s->state == SSL3_ST_CW_KEY_EXCH_A) @@ -2023,7 +2017,6 @@ int ssl3_send_client_key_exchange(SSL *s) alg_k=s->s3->tmp.new_cipher->algorithm_mkey; alg_a=s->s3->tmp.new_cipher->algorithm_auth; -#ifndef OPENSSL_NO_PSK if (alg_a & SSL_aPSK) { char identity[PSK_MAX_IDENTITY_LEN + 1]; @@ -2100,7 +2093,6 @@ int ssl3_send_client_key_exchange(SSL *s) goto err; } } -#endif /* Fool emacs indentation */ if (0) {} @@ -2270,12 +2262,10 @@ int ssl3_send_client_key_exchange(SSL *s) EC_KEY *tkey; int ecdh_clnt_cert = 0; int field_size = 0; -#ifndef OPENSSL_NO_PSK unsigned char *pre_ms; unsigned char *t; unsigned int pre_ms_len; unsigned int i; -#endif if (s->session->sess_cert == NULL) { @@ -2399,7 +2389,6 @@ int ssl3_send_client_key_exchange(SSL *s) goto err; } -#ifndef OPENSSL_NO_PSK /* ECDHE PSK ciphersuites from RFC 5489 */ if ((alg_a & SSL_aPSK) && psk_len != 0) { @@ -2423,7 +2412,6 @@ int ssl3_send_client_key_exchange(SSL *s) OPENSSL_cleanse(pre_ms, pre_ms_len); OPENSSL_free(pre_ms); } -#endif /* OPENSSL_NO_PSK */ if (!(alg_a & SSL_aPSK)) { /* generate master key from the result */ @@ -2467,7 +2455,6 @@ int ssl3_send_client_key_exchange(SSL *s) encodedPoint, encoded_pt_len, bn_ctx); n = 0; -#ifndef OPENSSL_NO_PSK if ((alg_a & SSL_aPSK) && psk_len != 0) { i = strlen(s->session->psk_identity); @@ -2476,7 +2463,6 @@ int ssl3_send_client_key_exchange(SSL *s) p += i; n = i + 2; } -#endif *p = encoded_pt_len; /* length of encoded point */ /* Encoded point will be copied here */ diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 81719c66..34635bc2 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c 
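Review bot: In the declarations hunk of ssl3_send_client_key_exchange, `psk_len` and `psk` still sit inside the ECDH guard, judging from the `#endif /* OPENSSL_NO_ECDH */` that follows them, while the `if (alg_a & SSL_aPSK)` block in the next hunk is now compiled unconditionally. If that block uses the two variables, as their names suggest, a build with OPENSSL_NO_ECDH defined will fail to compile. Moving `unsigned int psk_len = 0;` and `unsigned char psk[PSK_MAX_PSK_LEN];` above the ECDH guard would keep the PSK path independent of ECDH. The same layout appears in the declarations hunk of ssl3_get_client_key_exchange in ssl/s3_srvr.c, where the two variables precede a bare `#endif`. Both function bodies extend outside the visible hunks, so the actual uses should be confirmed there.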
@@ -1368,7 +1368,6 @@ SSL_CIPHER ssl3_ciphers[]={ }, #endif /* OPENSSL_NO_CAMELLIA */ -#ifndef OPENSSL_NO_PSK /* Cipher 8A */ { 1, @@ -1432,7 +1431,6 @@ SSL_CIPHER ssl3_ciphers[]={ 256, 256, }, -#endif /* OPENSSL_NO_PSK */ #ifndef OPENSSL_NO_SEED /* SEED ciphersuites from RFC4162 */ @@ -2419,7 +2417,6 @@ SSL_CIPHER ssl3_ciphers[]={ 256, }, -#ifndef OPENSSL_NO_PSK /* ECDH PSK ciphersuites */ /* Cipher CAFE */ { @@ -2437,7 +2434,6 @@ SSL_CIPHER ssl3_ciphers[]={ 128, 128, }, -#endif /* OPENSSL_NO_PSK */ #endif /* OPENSSL_NO_ECDH */ @@ -3571,11 +3567,9 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, alg_k=c->algorithm_mkey; alg_a=c->algorithm_auth; -#ifndef OPENSSL_NO_PSK /* with PSK there must be server callback set */ if ((alg_a & SSL_aPSK) && s->psk_server_callback == NULL) ok = 0; -#endif /* OPENSSL_NO_PSK */ if (SSL_C_IS_EXPORT(c)) { diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index a0c8d388..ab947869 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -402,9 +402,7 @@ int ssl3_accept(SSL *s) /* PSK: send ServerKeyExchange if either: * - PSK identity hint is provided, or * - the key exchange is kEECDH. */ -#ifndef OPENSSL_NO_PSK || ((alg_a & SSL_aPSK) && ((alg_k & SSL_kEECDH) || s->session->psk_identity_hint)) -#endif || (alg_k & SSL_kEDH) || (alg_k & SSL_kEECDH) || ((alg_k & SSL_kRSA) @@ -1469,10 +1467,8 @@ int ssl3_send_server_key_exchange(SSL *s) int curve_id = 0; BN_CTX *bn_ctx = NULL; #endif -#ifndef OPENSSL_NO_PSK const char* psk_identity_hint; size_t psk_identity_hint_len; -#endif EVP_PKEY *pkey; const EVP_MD *md = NULL; unsigned char *p,*d; @@ -1497,7 +1493,6 @@ int ssl3_send_server_key_exchange(SSL *s) r[0]=r[1]=r[2]=r[3]=NULL; n=0; -#ifndef OPENSSL_NO_PSK if (alg_a & SSL_aPSK) { /* size for PSK identity hint */ @@ -1508,7 +1503,6 @@ int ssl3_send_server_key_exchange(SSL *s) psk_identity_hint_len = 0; n+=2+psk_identity_hint_len; } -#endif /* !OPENSSL_NO_PSK */ if (alg_k & SSL_kRSA) { rsa=cert->rsa_tmp; 
@@ -1769,7 +1763,6 @@ int ssl3_send_server_key_exchange(SSL *s) /* Note: ECDHE PSK ciphersuites use SSL_kEECDH and SSL_aPSK. * When one of them is used, the server key exchange record needs to have both * the psk_identity_hint and the ServerECDHParams. */ -#ifndef OPENSSL_NO_PSK if (alg_a & SSL_aPSK) { /* copy PSK identity hint (if provided) */ @@ -1780,7 +1773,6 @@ int ssl3_send_server_key_exchange(SSL *s) p+=psk_identity_hint_len; } } -#endif /* OPENSSL_NO_PSK */ #ifndef OPENSSL_NO_ECDH if (alg_k & SSL_kEECDH) @@ -2008,10 +2000,8 @@ int ssl3_get_client_key_exchange(SSL *s) EVP_PKEY *clnt_pub_pkey = NULL; EC_POINT *clnt_ecpoint = NULL; BN_CTX *bn_ctx = NULL; -#ifndef OPENSSL_NO_PSK unsigned int psk_len = 0; unsigned char psk[PSK_MAX_PSK_LEN]; -#endif /* OPENSSL_NO_PSK */ #endif n=s->method->ssl_get_message(s, @@ -2027,7 +2017,6 @@ int ssl3_get_client_key_exchange(SSL *s) alg_k=s->s3->tmp.new_cipher->algorithm_mkey; alg_a=s->s3->tmp.new_cipher->algorithm_auth; -#ifndef OPENSSL_NO_PSK /* If using a PSK key exchange, prepare the pre-shared key. */ if (alg_a & SSL_aPSK) { @@ -2082,7 +2071,6 @@ int ssl3_get_client_key_exchange(SSL *s) goto f_err; } } -#endif /* OPENSSL_NO_PSK */ /* Depending on the key exchange method, compute |premaster_secret| and * |premaster_secret_len|. Also, for DH and ECDH, set @@ -2520,7 +2508,6 @@ int ssl3_get_client_key_exchange(SSL *s) premaster_secret_len = ecdh_len; } #endif -#ifndef OPENSSL_NO_PSK else if (alg_k & SSL_kPSK) { /* For plain PSK, other_secret is a block of 0s with the same @@ -2534,7 +2521,6 @@ int ssl3_get_client_key_exchange(SSL *s) } memset(premaster_secret, 0, premaster_secret_len); } -#endif /* !OPENSSL_NO_PSK */ else { al=SSL_AD_HANDSHAKE_FAILURE; @@ -2542,7 +2528,6 @@ int ssl3_get_client_key_exchange(SSL *s) goto f_err; } -#ifndef OPENSSL_NO_PSK /* For a PSK cipher suite, the actual pre-master secret is combined with * the pre-shared key. */ if (alg_a & SSL_aPSK) 
@@ -2572,7 +2557,6 @@ int ssl3_get_client_key_exchange(SSL *s) premaster_secret = new_data; premaster_secret_len = new_len; } -#endif /* !OPENSSL_NO_PSK */ /* Compute the master secret */ s->session->master_key_length = s->method->ssl3_enc diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c index 6b0568e1..2c910536 100644 --- a/ssl/ssl_asn1.c +++ b/ssl/ssl_asn1.c @@ -115,10 +115,8 @@ typedef struct ssl_session_asn1_st ASN1_OCTET_STRING tlsext_hostname; ASN1_INTEGER tlsext_tick_lifetime; ASN1_OCTET_STRING tlsext_tick; -#ifndef OPENSSL_NO_PSK ASN1_OCTET_STRING psk_identity_hint; ASN1_OCTET_STRING psk_identity; -#endif /* OPENSSL_NO_PSK */ ASN1_OCTET_STRING peer_sha256; ASN1_OCTET_STRING original_handshake_hash; } SSL_SESSION_ASN1; @@ -234,7 +232,6 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) a.tlsext_tick_lifetime.data=ibuf6; ASN1_INTEGER_set(&a.tlsext_tick_lifetime,in->tlsext_tick_lifetime_hint); } -#ifndef OPENSSL_NO_PSK if (in->psk_identity_hint) { a.psk_identity_hint.length=strlen(in->psk_identity_hint); @@ -261,7 +258,6 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) a.original_handshake_hash.type = V_ASN1_OCTET_STRING; a.original_handshake_hash.data = in->original_handshake_hash; } -#endif /* OPENSSL_NO_PSK */ M_ASN1_I2D_len(&(a.version), i2d_ASN1_INTEGER); M_ASN1_I2D_len(&(a.ssl_version), i2d_ASN1_INTEGER); @@ -286,12 +282,10 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) M_ASN1_I2D_len_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING,10,v10); if (in->tlsext_hostname) M_ASN1_I2D_len_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING,6,v6); -#ifndef OPENSSL_NO_PSK if (in->psk_identity_hint) M_ASN1_I2D_len_EXP_opt(&(a.psk_identity_hint), i2d_ASN1_OCTET_STRING,7,v7); if (in->psk_identity) M_ASN1_I2D_len_EXP_opt(&(a.psk_identity), i2d_ASN1_OCTET_STRING,8,v8); -#endif /* OPENSSL_NO_PSK */ if (in->peer_sha256_valid) M_ASN1_I2D_len_EXP_opt(&(a.peer_sha256),i2d_ASN1_OCTET_STRING,13,v13); if (in->original_handshake_hash_len > 0) 
@@ -318,12 +312,10 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) M_ASN1_I2D_put_EXP_opt(&a.verify_result,i2d_ASN1_INTEGER,5,v5); if (in->tlsext_hostname) M_ASN1_I2D_put_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING,6,v6); -#ifndef OPENSSL_NO_PSK if (in->psk_identity_hint) M_ASN1_I2D_put_EXP_opt(&(a.psk_identity_hint), i2d_ASN1_OCTET_STRING,7,v7); if (in->psk_identity) M_ASN1_I2D_put_EXP_opt(&(a.psk_identity), i2d_ASN1_OCTET_STRING,8,v8); -#endif /* OPENSSL_NO_PSK */ if (in->tlsext_tick_lifetime_hint > 0) M_ASN1_I2D_put_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER,9,v9); if (in->tlsext_tick) @@ -502,7 +494,6 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, else ret->tlsext_hostname=NULL; -#ifndef OPENSSL_NO_PSK os.length=0; os.data=NULL; M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,7); @@ -528,7 +519,6 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, } else ret->psk_identity=NULL; -#endif /* OPENSSL_NO_PSK */ ai.length=0; M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,9); diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 4241c231..f1fc69b8 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -580,10 +580,6 @@ static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, un *mkey |= SSL_kECDHe|SSL_kECDHr; *auth |= SSL_aECDH; #endif -#ifdef OPENSSL_NO_PSK - *mkey |= SSL_kPSK; - *auth |= SSL_aPSK; -#endif #ifdef SSL_FORBID_ENULL *enc |= SSL_eNULL; #endif diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 74a8e064..fffe9e94 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -396,7 +396,6 @@ SSL *SSL_new(SSL_CTX *ctx) CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data); -#ifndef OPENSSL_NO_PSK s->psk_identity_hint = NULL; if (ctx->psk_identity_hint) { @@ -406,7 +405,6 @@ SSL *SSL_new(SSL_CTX *ctx) } s->psk_client_callback=ctx->psk_client_callback; s->psk_server_callback=ctx->psk_server_callback; -#endif return(s); err: 
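Review bot: In the ssl/ssl_ciph.c hunk, ssl_cipher_get_disabled no longer masks `SSL_kPSK`/`SSL_aPSK` under any build setting, and nothing is left at this site to tell a reader how PSK suites are kept out of negotiation. Judging from the other hunks, exclusion now depends only on the runtime callback checks in ssl3_choose_cipher (`s->psk_server_callback == NULL`) and ssl_set_client_disabled (`!s->psk_client_callback`). A short comment where the mask was would record that, for example `/* PSK suites are not masked here; they are disabled at runtime when no PSK client/server callback is set. */`. The function body starts and ends outside the hunk.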
@@ -693,10 +691,8 @@ void SSL_free(SSL *s) if (s->tlsext_channel_id_private) EVP_PKEY_free(s->tlsext_channel_id_private); -#ifndef OPENSSL_NO_PSK if (s->psk_identity_hint) OPENSSL_free(s->psk_identity_hint); -#endif if (s->client_CA != NULL) sk_X509_NAME_pop_free(s->client_CA,X509_NAME_free); @@ -2016,11 +2012,9 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) ret->next_protos_advertised_cb = 0; ret->next_proto_select_cb = 0; # endif -#ifndef OPENSSL_NO_PSK ret->psk_identity_hint=NULL; ret->psk_client_callback=NULL; ret->psk_server_callback=NULL; -#endif #ifndef OPENSSL_NO_BUF_FREELISTS ret->freelist_max_len = SSL_MAX_BUF_FREELIST_LEN_DEFAULT; ret->rbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST)); @@ -2143,10 +2137,8 @@ void SSL_CTX_free(SSL_CTX *a) if (a->srtp_profiles) sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles); -#ifndef OPENSSL_NO_PSK if (a->psk_identity_hint) OPENSSL_free(a->psk_identity_hint); -#endif /* TODO(fork): remove. */ #if 0 @@ -2396,12 +2388,10 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) } #endif -#ifndef OPENSSL_NO_PSK mask_k |= SSL_kPSK; mask_a |= SSL_aPSK; emask_k |= SSL_kPSK; emask_a |= SSL_aPSK; -#endif c->mask_k=mask_k; c->mask_a=mask_a; @@ -3175,7 +3165,6 @@ void SSL_set_tmp_ecdh_callback(SSL *ssl,EC_KEY *(*ecdh)(SSL *ssl,int is_export, } #endif -#ifndef OPENSSL_NO_PSK int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint) { if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) @@ -3287,7 +3276,6 @@ void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, { ctx->psk_server_callback = cb; } -#endif void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)) { diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 97ef3f89..ffc0d153 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c 
@@ -221,10 +221,8 @@ SSL_SESSION *SSL_SESSION_new(void) ss->tlsext_ellipticcurvelist = NULL; #endif CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data); -#ifndef OPENSSL_NO_PSK ss->psk_identity_hint=NULL; ss->psk_identity=NULL; -#endif return(ss); } @@ -391,7 +389,6 @@ int ssl_get_new_session(SSL *s, int session) return 0; } } -#ifndef OPENSSL_NO_PSK if (s->psk_identity_hint) { ss->psk_identity_hint = BUF_strdup(s->psk_identity_hint); @@ -402,7 +399,6 @@ int ssl_get_new_session(SSL *s, int session) return 0; } } -#endif } else { @@ -741,12 +737,10 @@ void SSL_SESSION_free(SSL_SESSION *ss) ss->tlsext_ellipticcurvelist_length = 0; if (ss->tlsext_ellipticcurvelist != NULL) OPENSSL_free(ss->tlsext_ellipticcurvelist); #endif /* OPENSSL_NO_EC */ -#ifndef OPENSSL_NO_PSK if (ss->psk_identity_hint != NULL) OPENSSL_free(ss->psk_identity_hint); if (ss->psk_identity != NULL) OPENSSL_free(ss->psk_identity); -#endif OPENSSL_cleanse(ss,sizeof(*ss)); OPENSSL_free(ss); } diff --git a/ssl/ssl_txt.c b/ssl/ssl_txt.c index 96a0d782..1b78c4bb 100644 --- a/ssl/ssl_txt.c +++ b/ssl/ssl_txt.c @@ -168,12 +168,10 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) { if (BIO_printf(bp,"%02X",x->key_arg[i]) <= 0) goto err; } -#ifndef OPENSSL_NO_PSK if (BIO_puts(bp,"\n PSK identity: ") <= 0) goto err; if (BIO_printf(bp, "%s", x->psk_identity ? x->psk_identity : "None") <= 0) goto err; if (BIO_puts(bp,"\n PSK identity hint: ") <= 0) goto err; if (BIO_printf(bp, "%s", x->psk_identity_hint ? x->psk_identity_hint : "None") <= 0) goto err; -#endif if (x->tlsext_tick_lifetime_hint) { if (BIO_printf(bp, diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index ffadd220..2d673764 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c 
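Review bot: In the ssl/ssl_txt.c hunk, SSL_SESSION_print now always writes `x->psk_identity` and `x->psk_identity_hint` through `BIO_printf(bp, "%s", ...)` with no filtering of the bytes. If these fields can hold values received from the peer, which the handshake hunks suggest but this hunk does not show, control characters would reach whatever log or terminal the BIO feeds. At minimum the code should carry a comment such as `/* psk_identity and psk_identity_hint may be peer-supplied; output is not escaped. */`. Escaping non-printable bytes before printing would be the stronger fix. The function body continues outside the hunk.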
@@ -1117,14 +1117,12 @@ void ssl_set_client_disabled(SSL *s) c->mask_a |= SSL_aECDSA; c->mask_k |= SSL_kECDHe; } -#ifndef OPENSSL_NO_PSK /* with PSK there must be client callback set */ if (!s->psk_client_callback) { c->mask_a |= SSL_aPSK; c->mask_k |= SSL_kPSK; } -#endif /* OPENSSL_NO_PSK */ c->valid = 1; }