authorChristian Heimes <christian@python.org>2017-09-14 09:28:39 +0200
committerBenjamin Kaduk <kaduk@mit.edu>2017-09-15 10:31:54 -0500
commitaf51a74ade8bbab5ed49a3560dcb70d89896dc29 (patch)
tree574a21f32bc7b981049193c50367ed52c337e684 /ssl
parenta8b85c5ffee1f5adf7a27fcc5613b752b1a28b63 (diff)
Provide getters for min/max proto version
OpenSSL 1.1.0 made SSL_CTX and SSL structs opaque and introduced a new API to set the minimum and maximum protocol version for SSL_CTX with TLS_method(). Add getters to introspect the configured versions: int SSL_CTX_get_min_proto_version(SSL_CTX *ctx); int SSL_CTX_get_max_proto_version(SSL_CTX *ctx); int SSL_get_min_proto_version(SSL *ssl); int SSL_get_max_proto_version(SSL *ssl); NOTE: The getters do not resolve the version when the minimum or maximum version is configured as '0' (meaning auto-select lowest and highest version number). Signed-off-by: Christian Heimes <christian@python.org> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (cherry picked from commit 3edabd3ccb7aac89af5a63cfb2378e33a8be05d7) Updated for new manual page location and TLS 1.3. (Merged from https://github.com/openssl/openssl/pull/4376)
Diffstat (limited to 'ssl')
-rw-r--r--ssl/ssl_lib.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 45cdde4454..6908f1677b 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1841,10 +1841,14 @@ long SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
return ssl_check_allowed_versions(larg, s->max_proto_version)
&& ssl_set_version_bound(s->ctx->method->version, (int)larg,
&s->min_proto_version);
+ case SSL_CTRL_GET_MIN_PROTO_VERSION:
+ return s->min_proto_version;
case SSL_CTRL_SET_MAX_PROTO_VERSION:
return ssl_check_allowed_versions(s->min_proto_version, larg)
&& ssl_set_version_bound(s->ctx->method->version, (int)larg,
&s->max_proto_version);
+ case SSL_CTRL_GET_MAX_PROTO_VERSION:
+ return s->max_proto_version;
default:
return (s->method->ssl_ctrl(s, cmd, larg, parg));
}
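Review bot: The two new GET cases in SSL_ctrl return the stored bound unchanged, so a result of 0 means "no explicit bound configured" rather than a protocol version, and nothing at the case labels says so. A caller auditing a configuration with a numeric comparison would misread it: a check such as `max >= TLS1_2_VERSION` sees 0 and concludes the ceiling is below every real version, although 0 stands for the highest version the method supports. I would add a comment above each `return`, for example `/* 0 = no bound set (auto-select); not a resolved protocol version */`, so that callers know to treat 0 as a separate case before comparing. The same applies to the matching cases in the SSL_CTX_ctrl hunk below; the switch these cases belong to starts outside the hunk, and the manual page the commit message mentions is not part of this view.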
@@ -1973,10 +1977,14 @@ long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
return ssl_check_allowed_versions(larg, ctx->max_proto_version)
&& ssl_set_version_bound(ctx->method->version, (int)larg,
&ctx->min_proto_version);
+ case SSL_CTRL_GET_MIN_PROTO_VERSION:
+ return ctx->min_proto_version;
case SSL_CTRL_SET_MAX_PROTO_VERSION:
return ssl_check_allowed_versions(ctx->min_proto_version, larg)
&& ssl_set_version_bound(ctx->method->version, (int)larg,
&ctx->max_proto_version);
+ case SSL_CTRL_GET_MAX_PROTO_VERSION:
+ return ctx->max_proto_version;
default:
return (ctx->method->ssl_ctx_ctrl(ctx, cmd, larg, parg));
}