GitList

Browse code

Fix --tls-version-max in mbed TLS builds

These define renames were missed in the migration to 2.x, causing the
maximum TLS version to be detected incorrectly.

[DS: mbedTLS mapps supported SSL/TLS protocol version in the library
through these macros. TLSv1.1 = 3.2, TLSv1.2 = 3.3, etc ]

Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: David Sommerseth <davids@openvpn.net>
Message-Id: <1478289824-9244-1-git-send-email-steffan@karger.me>
URL: http://www.mail-archive.com/search?l=mid&q=1478289824-9244-1-git-send-email-steffan@karger.me
Signed-off-by: David Sommerseth <davids@openvpn.net>

Steffan Karger authored on 2016/11/05 05:03:44
Showing 1 changed files

src/openvpn/ssl_mbedtls.c

History View file @ 8215b7a

@@ -723,9 +723,9 @@ void tls_ctx_personalise_random(struct tls_root_ctx *ctx)
                      int
                      tls_version_max(void)
+                     {
                     -#if defined(SSL_MAJOR_VERSION_3) && defined(SSL_MINOR_VERSION_3)
                     +#if defined(MBEDTLS_SSL_MAJOR_VERSION_3) && defined(MBEDTLS_SSL_MINOR_VERSION_3)
                        return TLS_VER_1_2;
                     -#elif defined(SSL_MAJOR_VERSION_3) && defined(SSL_MINOR_VERSION_2)
                     +#elif defined(MBEDTLS_SSL_MAJOR_VERSION_3) && defined(MBEDTLS_SSL_MINOR_VERSION_2)
                        return TLS_VER_1_1;
                      #else
                        return TLS_VER_1_0;