author | Kurt Roeckx <kurt@roeckx.be> | 2016-02-02 23:58:49 +0100 |
---|---|---|
committer | Kurt Roeckx <kurt@roeckx.be> | 2016-03-09 19:38:56 +0100 |
commit | 0d5301aff900970b09d2fe0c70d1038157d7638b (patch) | |
tree | eccb37f83a5388dee8ec57cbb90eb3b404ea3be0 /apps/s_client.c | |
parent | 1fc7d6664a3d118f9d5de217c9ffd154ed9ddb6f (diff) |
Use minimum and maximum protocol version instead of version fixed methods
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MR: #1824
Diffstat (limited to 'apps/s_client.c')
-rw-r--r-- | apps/s_client.c | 49 |
1 files changed, 30 insertions, 19 deletions
diff --git a/apps/s_client.c b/apps/s_client.c
index c338b0c525..38d7c32a02 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -928,6 +928,7 @@ int s_client_main(int argc, char **argv)
 char *ctlog_file = NULL;
 ct_validation_cb ct_validation = NULL;
 #endif
+ int min_version = 0, max_version = 0;
 FD_ZERO(&readfds);
 FD_ZERO(&writefds);
@@ -1199,25 +1200,30 @@ int s_client_main(int argc, char **argv)
 #ifndef OPENSSL_NO_SRP
 case OPT_SRPUSER:
 srp_arg.srplogin = opt_arg();
- meth = TLSv1_client_method();
+ if (min_version < TLS1_VERSION)
+ min_version = TLS1_VERSION;
 break;
 case OPT_SRPPASS:
 srppass = opt_arg();
- meth = TLSv1_client_method();
+ if (min_version < TLS1_VERSION)
+ min_version = TLS1_VERSION;
 break;
 case OPT_SRP_STRENGTH:
 srp_arg.strength = atoi(opt_arg());
 BIO_printf(bio_err, "SRP minimal length for N is %d\n", srp_arg.strength);
- meth = TLSv1_client_method();
+ if (min_version < TLS1_VERSION)
+ min_version = TLS1_VERSION;
 break;
 case OPT_SRP_LATEUSER:
 srp_lateuser = 1;
- meth = TLSv1_client_method();
+ if (min_version < TLS1_VERSION)
+ min_version = TLS1_VERSION;
 break;
 case OPT_SRP_MOREGROUPS:
 srp_arg.amp = 1;
- meth = TLSv1_client_method();
+ if (min_version < TLS1_VERSION)
+ min_version = TLS1_VERSION;
 break;
 #else
 case OPT_SRPUSER:
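Review bot: The SRP cases raise only `min_version` and never look at `max_version`, so the outcome depends on where a version-pinning option sits on the command line. If the `OPT_SSL3` case (next hunk) runs first, `max_version` stays at `SSL3_VERSION` while the SRP case lifts `min_version` to `TLS1_VERSION`, leaving a floor above the ceiling; if `-ssl3` comes after the SRP option, its plain assignment discards the TLS 1.0 floor these cases are meant to enforce. Nothing in the visible code diagnoses either combination. I would apply the SRP floor once after the option loop and reject the conflict there with a message, along the lines of `if (max_version != 0 && max_version < min_version)` followed by a `BIO_printf(bio_err, ...)` and `goto end;`. The case bodies belong to the option switch in s_client_main, which starts and ends outside this hunk.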
@@ -1231,24 +1237,20 @@ int s_client_main(int argc, char **argv)
 ssl_config = opt_arg();
 break;
 case OPT_SSL3:
-#ifndef OPENSSL_NO_SSL3
- meth = SSLv3_client_method();
-#endif
+ min_version = SSL3_VERSION;
+ max_version = SSL3_VERSION;
 break;
 case OPT_TLS1_2:
-#ifndef OPENSSL_NO_TLS1_2
- meth = TLSv1_2_client_method();
-#endif
+ min_version = TLS1_2_VERSION;
+ max_version = TLS1_2_VERSION;
 break;
 case OPT_TLS1_1:
-#ifndef OPENSSL_NO_TLS1_1
- meth = TLSv1_1_client_method();
-#endif
+ min_version = TLS1_1_VERSION;
+ max_version = TLS1_1_VERSION;
 break;
 case OPT_TLS1:
-#ifndef OPENSSL_NO_TLS1
- meth = TLSv1_client_method();
-#endif
+ min_version = TLS1_VERSION;
+ max_version = TLS1_VERSION;
 break;
 case OPT_DTLS:
 #ifndef OPENSSL_NO_DTLS
@@ -1258,13 +1260,17 @@ int s_client_main(int argc, char **argv)
 break;
 case OPT_DTLS1:
 #ifndef OPENSSL_NO_DTLS1
- meth = DTLSv1_client_method();
+ meth = DTLS_client_method();
+ min_version = DTLS1_VERSION;
+ max_version = DTLS1_VERSION;
 socket_type = SOCK_DGRAM;
 #endif
 break;
 case OPT_DTLS1_2:
 #ifndef OPENSSL_NO_DTLS1_2
- meth = DTLSv1_2_client_method();
+ meth = DTLS_client_method();
+ min_version = DTLS1_2_VERSION;
+ max_version = DTLS1_2_VERSION;
 socket_type = SOCK_DGRAM;
 #endif
 break;
@@ -1566,6 +1572,11 @@ int s_client_main(int argc, char **argv)
 }
 }
+ if (SSL_CTX_set_min_proto_version(ctx, min_version) == 0)
+ goto end;
+ if (SSL_CTX_set_max_proto_version(ctx, max_version) == 0)
+ goto end;
+
 if (vpmtouched && !SSL_CTX_set1_param(ctx, vpm)) {
 BIO_printf(bio_err, "Error setting verify params\n");
 ERR_print_errors(bio_err); |
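Review bot: `min_version` and `max_version` are now shared between the TLS and the DTLS options, but the SRP cases in the earlier hunk compare and assign `min_version` with `TLS1_VERSION`, a TLS constant. DTLS version numbers run in the opposite numeric direction (`DTLS1_2_VERSION` is smaller than `DTLS1_VERSION`), so `min_version < TLS1_VERSION` carries no meaning once a DTLS option has been seen. An SRP option combined with `-dtls` would presumably hand a TLS floor to a DTLS context, but the `OPT_DTLS` body lies outside this hunk, so that needs confirming. A comment at the declaration would make the convention explicit, for example `/* 0 = no bound; TLS and DTLS values must not be compared with < */`.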
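Review bot: Both new `goto end` paths in the last hunk exit without telling the user anything, unlike the `SSL_CTX_set1_param` check directly below them, which prints a message and the error queue. With the `OPENSSL_NO_*` guards removed from the `-ssl3`/`-tls1*` cases, a version that the setter rejects is reported only at this point, so a silent exit hides the one failure this change makes reachable. Print before each jump, in the style of the neighbouring check: `BIO_printf(bio_err, "Error setting minimum protocol version\n"); ERR_print_errors(bio_err);` and the matching text for the maximum. s_client_main continues outside the hunk, so what the `end:` label itself prints is not visible here.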