diff options
| author | Viktor Dukhovni <openssl-users@dukhovni.org> | 2020-07-16 23:30:43 -0200 |
|---|---|---|
| committer | Viktor Dukhovni <openssl-users@dukhovni.org> | 2020-07-21 16:40:07 -0200 |
| commit | 77174598920a05826a28d8a0bd87a3af43d3f4d8 (patch) | |
| tree | ed3d423072d3f399e583d1cc7787f1d5490a3e0e /test/evp_libctx_test.c | |
| parent | 5ac582d949c4f0dbf919c99d59496035a1f7e982 (diff) | |
Avoid errors with a priori inapplicable protocol bounds
The 'MinProtocol' and 'MaxProtocol' configuration commands now silently
ignore TLS protocol version bounds when configurign DTLS-based contexts,
and conversely, silently ignore DTLS protocol version bounds when
configuring TLS-based contexts. The commands can be repeated to set
bounds of both types. The same applies with the corresponding
"min_protocol" and "max_protocol" command-line switches, in case some
application uses both TLS and DTLS.
SSL_CTX instances that are created for a fixed protocol version (e.g.
TLSv1_server_method()) also silently ignore version bounds. Previously
attempts to apply bounds to these protocol versions would result in an
error. Now only the "version-flexible" SSL_CTX instances are subject to
limits in configuration files in command-line options.
Expected to resolve #12394
Reviewed-by: Paul Dale <paul.dale@oracle.com>
GH: #12472
Diffstat (limited to 'test/evp_libctx_test.c')
0 files changed, 0 insertions, 0 deletions