authorjsing <jsing@openbsd.org>2021-02-20 09:43:29 +0000
committerjsing <jsing@openbsd.org>2021-02-20 09:43:29 +0000
commitc7716c225dcbd54f5b35d3dca84dbe38706cf794 (patch)
treec8f3f3b472f3d06d18cca09e8097038bf21e3d1c /lib/libssl/ssl_lib.c
parentAdd DTLSv1.2 methods. (diff)
Return a min/max version of zero if set to zero.
OpenSSL's SSL{_CTX,}_get_{min,max}_proto_version() return a version of zero if the minimum or maximum has been set to zero (which means the minimum or maximum version supported by the method). Previously we returned the minimum or maximum version supported by the method, instead of zero. Match OpenSSL's behaviour by using shadow variables. Discussed with tb@
Diffstat (limited to 'lib/libssl/ssl_lib.c')
-rw-r--r--lib/libssl/ssl_lib.c26
1 files changed, 17 insertions, 9 deletions
diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c
index f8028752744..6a182f2e3b1 100644
--- a/lib/libssl/ssl_lib.c
+++ b/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.246 2021/02/20 08:30:52 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.247 2021/02/20 09:43:29 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -256,6 +256,8 @@ SSL_new(SSL_CTX *ctx)
s->internal->min_version = ctx->internal->min_version;
s->internal->max_version = ctx->internal->max_version;
+ s->internal->min_proto_version = ctx->internal->min_proto_version;
+ s->internal->max_proto_version = ctx->internal->max_proto_version;
s->internal->options = ctx->internal->options;
s->internal->mode = ctx->internal->mode;
@@ -1829,6 +1831,8 @@ SSL_CTX_new(const SSL_METHOD *meth)
ret->method = meth;
ret->internal->min_version = meth->internal->min_version;
ret->internal->max_version = meth->internal->max_version;
+ ret->internal->min_proto_version = 0;
+ ret->internal->max_proto_version = 0;
ret->internal->mode = SSL_MODE_AUTO_RETRY;
ret->cert_store = NULL;
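Review bot: The literal `0` assigned to `min_proto_version` and `max_proto_version` in SSL_CTX_new is a sentinel, and nothing at the assignment says so. A reader comparing these fields with `min_version`/`max_version` two lines above could take them for duplicates of the effective bounds. A short comment above the two added lines, such as `/* 0: no explicit bound set; effective limits are in {min,max}_version */`, would make the split clear. SSL_CTX_new's body starts and ends outside the hunk.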
@@ -3016,52 +3020,56 @@ SSL_cache_hit(SSL *s)
int
SSL_CTX_get_min_proto_version(SSL_CTX *ctx)
{
- return ctx->internal->min_version;
+ return ctx->internal->min_proto_version;
}
int
SSL_CTX_set_min_proto_version(SSL_CTX *ctx, uint16_t version)
{
return ssl_version_set_min(ctx->method, version,
- ctx->internal->max_version, &ctx->internal->min_version);
+ ctx->internal->max_version, &ctx->internal->min_version,
+ &ctx->internal->min_proto_version);
}
int
SSL_CTX_get_max_proto_version(SSL_CTX *ctx)
{
- return ctx->internal->max_version;
+ return ctx->internal->max_proto_version;
}
int
SSL_CTX_set_max_proto_version(SSL_CTX *ctx, uint16_t version)
{
return ssl_version_set_max(ctx->method, version,
- ctx->internal->min_version, &ctx->internal->max_version);
+ ctx->internal->min_version, &ctx->internal->max_version,
+ &ctx->internal->max_proto_version);
}
int
SSL_get_min_proto_version(SSL *ssl)
{
- return ssl->internal->min_version;
+ return ssl->internal->min_proto_version;
}
int
SSL_set_min_proto_version(SSL *ssl, uint16_t version)
{
return ssl_version_set_min(ssl->method, version,
- ssl->internal->max_version, &ssl->internal->min_version);
+ ssl->internal->max_version, &ssl->internal->min_version,
+ &ssl->internal->min_proto_version);
}
int
SSL_get_max_proto_version(SSL *ssl)
{
- return ssl->internal->max_version;
+ return ssl->internal->max_proto_version;
}
int
SSL_set_max_proto_version(SSL *ssl, uint16_t version)
{
return ssl_version_set_max(ssl->method, version,
- ssl->internal->min_version, &ssl->internal->max_version);
+ ssl->internal->min_version, &ssl->internal->max_version,
+ &ssl->internal->max_proto_version);
}
static int
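Review bot: The four getters now return 0 when no bound has been set, and none of them documents that 0 stands for "the method's lowest/highest supported version" rather than a real protocol version. An application that audits its configuration with a numeric comparison, for example requiring the minimum to be at least `TLS1_2_VERSION`, will now read 0 as below any floor, so each getter deserves a comment such as `/* Returns 0 if no minimum was explicitly set; the method's minimum then applies. */`. The setters still pass `&...->internal->min_version` and `max_version`, so the effective bounds presumably continue to be enforced from those fields. Whether ssl_version_set_min() and ssl_version_set_max() leave the shadow value untouched on failure is not visible in this hunk and is worth confirming, since otherwise a getter could report a bound that is not in effect.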