diff options
| author | Christian Heimes <christian@python.org> | 2017-09-14 09:28:39 +0200 |
|---|---|---|
| committer | Benjamin Kaduk <kaduk@mit.edu> | 2017-09-15 10:31:54 -0500 |
| commit | af51a74ade8bbab5ed49a3560dcb70d89896dc29 (patch) | |
| tree | 574a21f32bc7b981049193c50367ed52c337e684 /include | |
| parent | a8b85c5ffee1f5adf7a27fcc5613b752b1a28b63 (diff) | |
Provide getters for min/max proto version
OpenSSL 1.1.0 made SSL_CTX and SSL structs opaque and introduced a new
API to set the minimum and maximum protocol version for SSL_CTX with
TLS_method(). Add getters to introspect the configured versions:
int SSL_CTX_get_min_proto_version(SSL_CTX *ctx);
int SSL_CTX_get_max_proto_version(SSL_CTX *ctx);
int SSL_get_min_proto_version(SSL *ssl);
int SSL_get_max_proto_version(SSL *ssl);
NOTE: The getters do not resolv the version in case when the minimum or
maxium version are configured as '0' (meaning auto-select lowest and
highst version number).
Signed-off-by: Christian Heimes <christian@python.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(cherry picked from commit 3edabd3ccb7aac89af5a63cfb2378e33a8be05d7)
Updated for new manual page location and TLS 1.3.
(Merged from https://github.com/openssl/openssl/pull/4376)
Diffstat (limited to 'include')
| -rw-r--r-- | include/openssl/ssl.h | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 2c694b4735..940a5f0eb5 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -1158,6 +1158,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) # define SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE 127 # define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB 128 # define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG 129 +# define SSL_CTRL_GET_MIN_PROTO_VERSION 130 +# define SSL_CTRL_GET_MAX_PROTO_VERSION 131 # define SSL_CERT_SET_FIRST 1 # define SSL_CERT_SET_NEXT 2 # define SSL_CERT_SET_SERVER 3 @@ -1289,10 +1291,18 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL) #define SSL_CTX_set_max_proto_version(ctx, version) \ SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL) +#define SSL_CTX_get_min_proto_version(ctx) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MIN_PROTO_VERSION, NULL, NULL) +#define SSL_CTX_get_max_proto_version(ctx) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MAX_PROTO_VERSION, NULL, NULL) #define SSL_set_min_proto_version(s, version) \ SSL_ctrl(s, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL) #define SSL_set_max_proto_version(s, version) \ SSL_ctrl(s, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL) +#define SSL_get_min_proto_version(s) \ + SSL_ctrl(s, SSL_CTRL_GET_MIN_PROTO_VERSION, NULL, NULL) +#define SSL_get_max_proto_version(s) \ + SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, NULL, NULL) #if OPENSSL_API_COMPAT < 0x10100000L /* Provide some compatibility macros for removed functionality. */ |