- No change in functionality. This is used in a subsequent
patch for extending TLS1.2 support with cryptoapicert
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <1516423647-21932-1-git-send-email-selva.nair@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg16287.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
... | ... |
@@ -670,6 +670,29 @@ SSL_CTX_get_min_proto_version(SSL_CTX *ctx) |
670 | 670 |
} |
671 | 671 |
#endif /* SSL_CTX_get_min_proto_version */ |
672 | 672 |
|
673 |
+#ifndef SSL_CTX_get_max_proto_version |
|
674 |
+/** Return the max SSL protocol version currently enabled in the context. |
|
675 |
+ * If no valid version >= TLS1.0 is found, return 0. */ |
|
676 |
+static inline int |
|
677 |
+SSL_CTX_get_max_proto_version(SSL_CTX *ctx) |
|
678 |
+{ |
|
679 |
+ long sslopt = SSL_CTX_get_options(ctx); |
|
680 |
+ if (!(sslopt & SSL_OP_NO_TLSv1_2)) |
|
681 |
+ { |
|
682 |
+ return TLS1_2_VERSION; |
|
683 |
+ } |
|
684 |
+ if (!(sslopt & SSL_OP_NO_TLSv1_1)) |
|
685 |
+ { |
|
686 |
+ return TLS1_1_VERSION; |
|
687 |
+ } |
|
688 |
+ if (!(sslopt & SSL_OP_NO_TLSv1)) |
|
689 |
+ { |
|
690 |
+ return TLS1_VERSION; |
|
691 |
+ } |
|
692 |
+ return 0; |
|
693 |
+} |
|
694 |
+#endif /* SSL_CTX_get_max_proto_version */ |
|
695 |
+ |
|
673 | 696 |
#ifndef SSL_CTX_set_min_proto_version |
674 | 697 |
/** Mimics SSL_CTX_set_min_proto_version for OpenSSL < 1.1 */ |
675 | 698 |
static inline int |
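Review bot: The `return 0;` fallback at new line 692 gives 0 the meaning "no TLS version >= 1.0 is enabled", as the added doc comment says, whereas the native OpenSSL 1.1 getter this shim stands in for returns 0 when no explicit upper bound is configured. A caller written against one meaning will misread the other, for example by treating a context with every TLS version disabled as unrestricted. The doc comment at new lines 674-675 should record the difference, e.g. `* NOTE: unlike the OpenSSL 1.1 macro, 0 here means TLS 1.0-1.2 are all disabled, not "no limit".` The callers are not visible in this hunk, so the follow-up cryptoapicert patch mentioned in the description should handle a 0 result explicitly on both build paths.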