From: Nick Mathewson <nickm@torproject.org>
Date: Wed, 13 May 2015 15:21:38 +0000 (-0400)
Subject: SSL_clear_mode exists; we can use it.
X-Git-Tag: tor-0.2.7.2-alpha~103^2~13
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=92b297bb589e51e2f2653dd9c1a8dc1a86b6b7ad;p=thirdparty%2Ftor.git

SSL_clear_mode exists; we can use it.
---

diff --git a/src/common/tortls.c b/src/common/tortls.c
index a90ae70af3..4a15670156 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -2239,8 +2239,7 @@ tor_tls_finish_handshake(tor_tls_t *tls)
   if (tls->isServer) {
     SSL_set_info_callback(tls->ssl, NULL);
     SSL_set_verify(tls->ssl, SSL_VERIFY_PEER, always_accept_verify_cb);
-    /* There doesn't seem to be a clear OpenSSL API to clear mode flags. */
-    tls->ssl->mode &= ~SSL_MODE_NO_AUTO_CHAIN;
+    SSL_clear_mode(tls->ssl, SSL_MODE_NO_AUTO_CHAIN);
 #ifdef V2_HANDSHAKE_SERVER
     if (tor_tls_client_is_using_v2_ciphers(tls->ssl)) {
       /* This check is redundant, but back when we did it in the callback,