Factor out the legacy stack version checks.

Also check for explicit version numbers, rather than just the major version value. ok tb@
author: jsing <jsing@openbsd.org> 2021-02-07 15:04:10 +0000
committer: jsing <jsing@openbsd.org> 2021-02-07 15:04:10 +0000
commit: b81375cc4fbad88a54ed47f4efafc0802c58445f (patch)
tree: 3d2fd6fe562638804692970c239e47efaadd32be /lib/libssl/ssl_versions.c
parent: Enable auto DHE and disable session tickets for some tests. (diff)
download: wireguard-openbsd-b81375cc4fbad88a54ed47f4efafc0802c58445f.tar.xz
wireguard-openbsd-b81375cc4fbad88a54ed47f4efafc0802c58445f.zip
1 files changed, 11 insertions, 1 deletions
diff --git a/lib/libssl/ssl_versions.c b/lib/libssl/ssl_versions.c
index c5de9d0cde7..83d0d06af50 100644
--- a/lib/libssl/ssl_versions.c
+++ b/lib/libssl/ssl_versions.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_versions.c,v 1.8 2021/01/04 19:19:12 tb Exp $ */
+/* $OpenBSD: ssl_versions.c,v 1.9 2021/02/07 15:04:10 jsing Exp $ */
 /*
  * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
  *
@@ -231,3 +231,13 @@ ssl_downgrade_max_version(SSL *s, uint16_t *max_ver)
 
 	return 1;
 }
+
+int
+ssl_legacy_stack_version(SSL *s, uint16_t version)
+{
+	if (SSL_is_dtls(s))
+		return version == DTLS1_VERSION;
+
+	return version == TLS1_VERSION || version == TLS1_1_VERSION ||
+	    version == TLS1_2_VERSION;
+}
author	jsing <jsing@openbsd.org>	2021-02-07 15:04:10 +0000
committer	jsing <jsing@openbsd.org>	2021-02-07 15:04:10 +0000
commit	b81375cc4fbad88a54ed47f4efafc0802c58445f (patch)
tree	3d2fd6fe562638804692970c239e47efaadd32be /lib/libssl/ssl_versions.c
parent	Enable auto DHE and disable session tickets for some tests. (diff)
download	wireguard-openbsd-b81375cc4fbad88a54ed47f4efafc0802c58445f.tar.xz wireguard-openbsd-b81375cc4fbad88a54ed47f4efafc0802c58445f.zip