Browse code
Add SSL_CTX_get_max_proto_version() not in openssl 1.0
- No change in functionality. This is used in a subsequent
patch for extending TLS1.2 support with cryptoapicert
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <1516423647-21932-1-git-send-email-selva.nair@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg16287.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Selva Nair authored on 2018/01/20 13:47:27Showing 1 changed files
| ... | ... |
@@ -670,6 +670,29 @@ SSL_CTX_get_min_proto_version(SSL_CTX *ctx) |
| 670 | 670 |
} |
| 671 | 671 |
#endif /* SSL_CTX_get_min_proto_version */ |
| 672 | 672 |
|
| 673 |
+#ifndef SSL_CTX_get_max_proto_version |
|
| 674 |
+/** Return the max SSL protocol version currently enabled in the context. |
|
| 675 |
+ * If no valid version >= TLS1.0 is found, return 0. */ |
|
| 676 |
+static inline int |
|
| 677 |
+SSL_CTX_get_max_proto_version(SSL_CTX *ctx) |
|
| 678 |
+{
|
|
| 679 |
+ long sslopt = SSL_CTX_get_options(ctx); |
|
| 680 |
+ if (!(sslopt & SSL_OP_NO_TLSv1_2)) |
|
| 681 |
+ {
|
|
| 682 |
+ return TLS1_2_VERSION; |
|
| 683 |
+ } |
|
| 684 |
+ if (!(sslopt & SSL_OP_NO_TLSv1_1)) |
|
| 685 |
+ {
|
|
| 686 |
+ return TLS1_1_VERSION; |
|
| 687 |
+ } |
|
| 688 |
+ if (!(sslopt & SSL_OP_NO_TLSv1)) |
|
| 689 |
+ {
|
|
| 690 |
+ return TLS1_VERSION; |
|
| 691 |
+ } |
|
| 692 |
+ return 0; |
|
| 693 |
+} |
|
| 694 |
+#endif /* SSL_CTX_get_max_proto_version */ |
|
| 695 |
+ |
|
| 673 | 696 |
#ifndef SSL_CTX_set_min_proto_version |
| 674 | 697 |
/** Mimics SSL_CTX_set_min_proto_version for OpenSSL < 1.1 */ |
| 675 | 698 |
static inline int |