Remove SSL_CTX_set_ssl_version.
Missed this one. It requires that we be able to change an SSL_METHOD after the
after, which complicates compiling the version locking into min_version /
max_version configurations.
Change-Id: I24ba54b7939360bbfafe3feb355a65840bda7611
Reviewed-on: https://boringssl-review.googlesource.com/2579
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index c78cb96..e40f739 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -2022,9 +2022,6 @@
OPENSSL_EXPORT int SSL_CIPHER_is_AESGCM(const SSL_CIPHER *c);
OPENSSL_EXPORT int SSL_CIPHER_is_CHACHA20POLY1305(const SSL_CIPHER *c);
-/* This sets the 'default' SSL version that SSL_new() will create */
-OPENSSL_EXPORT int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth);
-
OPENSSL_EXPORT const SSL_METHOD *SSLv3_method(void); /* SSLv3 */
OPENSSL_EXPORT const SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */
OPENSSL_EXPORT const SSL_METHOD *SSLv3_client_method(void); /* SSLv3 */
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 3223165..61c8dc9 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -227,26 +227,6 @@
return(1);
}
-/** Used to change an SSL_CTXs default SSL method type */
-int SSL_CTX_set_ssl_version(SSL_CTX *ctx,const SSL_METHOD *meth)
- {
- STACK_OF(SSL_CIPHER) *sk;
-
- ctx->method=meth;
-
- sk=ssl_create_cipher_list(
- ctx->method, &ctx->cipher_list, &ctx->cipher_list_by_id,
- SSL_DEFAULT_CIPHER_LIST,
- ctx->cert);
-
- if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0))
- {
- OPENSSL_PUT_ERROR(SSL, SSL_CTX_set_ssl_version, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
- return(0);
- }
- return(1);
- }
-
SSL *SSL_new(SSL_CTX *ctx)
{
SSL *s;
