This commit was generated by cvs2svn to compensate for changes in r100936,

which included commits to RCS files with non-trunk default branches.

1 files changed, 16 insertions, 5 deletions

diff --git a/crypto/openssl/ssl/s3_enc.c b/crypto/openssl/ssl/s3_enc.c
index d9a161a..79fa4f9 100644
--- a/crypto/openssl/ssl/s3_enc.c
+++ b/crypto/openssl/ssl/s3_enc.c
@@ -361,13 +361,24 @@ int ssl3_setup_key_block(SSL *s)
 	
 	ssl3_generate_key_block(s,p,num);
 	
-	/* enable vulnerability countermeasure for CBC ciphers with
-	 * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt) */
-	s->s3->need_empty_fragments = 1;
+	if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
+		{
+		/* enable vulnerability countermeasure for CBC ciphers with
+		 * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt)
+		 */
+		s->s3->need_empty_fragments = 1;
+
+ 		if (s->session->cipher != NULL)
+			{
+			if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_eNULL)
+ 				s->s3->need_empty_fragments = 0;
+ 			
 #ifndef NO_RC4
-	if ((s->session->cipher != NULL) && ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_RC4))
-		s->s3->need_empty_fragments = 0;
+ 			if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_RC4)
+ 				s->s3->need_empty_fragments = 0;
 #endif
+ 			}
+ 		}
 		
 	return(1);
 err: