Specify minimum and maximum protocol version for each method. This is

currently unused, but will be in the near future.

ok beck@

6 files changed, 36 insertions, 6 deletions

diff --git a/src/lib/libssl/d1_clnt.c b/src/lib/libssl/d1_clnt.c
index 42e149f864..633eabf8b4 100644
--- a/src/lib/libssl/d1_clnt.c
+++ b/src/lib/libssl/d1_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_clnt.c,v 1.59 2016/12/06 13:38:11 jsing Exp $ */
+/* $OpenBSD: d1_clnt.c,v 1.60 2017/01/21 06:50:02 jsing Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -132,6 +132,8 @@ static int dtls1_get_hello_verify(SSL *s);
 
 static const SSL_METHOD DTLSv1_client_method_data = {
         .version = DTLS1_VERSION,
+        .min_version = DTLS1_VERSION,
+        .max_version = DTLS1_VERSION,
         .ssl_new = dtls1_new,
         .ssl_clear = dtls1_clear,
         .ssl_free = dtls1_free,
diff --git a/src/lib/libssl/d1_meth.c b/src/lib/libssl/d1_meth.c
index 83917e336d..c7604863fa 100644
--- a/src/lib/libssl/d1_meth.c
+++ b/src/lib/libssl/d1_meth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_meth.c,v 1.10 2016/11/04 18:30:21 guenther Exp $ */
+/* $OpenBSD: d1_meth.c,v 1.11 2017/01/21 06:50:02 jsing Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -67,6 +67,8 @@ static const SSL_METHOD *dtls1_get_method(int ver);
 
 static const SSL_METHOD DTLSv1_method_data = {
         .version = DTLS1_VERSION,
+        .min_version = DTLS1_VERSION,
+        .max_version = DTLS1_VERSION,
         .ssl_new = dtls1_new,
         .ssl_clear = dtls1_clear,
         .ssl_free = dtls1_free,
diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c
index 472d0de9dd..4322a219f5 100644
--- a/src/lib/libssl/d1_srvr.c
+++ b/src/lib/libssl/d1_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_srvr.c,v 1.69 2016/12/06 13:38:11 jsing Exp $ */
+/* $OpenBSD: d1_srvr.c,v 1.70 2017/01/21 06:50:02 jsing Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -130,6 +130,8 @@ static int dtls1_send_hello_verify_request(SSL *s);
 
 static const SSL_METHOD DTLSv1_server_method_data = {
         .version = DTLS1_VERSION,
+        .min_version = DTLS1_VERSION,
+        .max_version = DTLS1_VERSION,
         .ssl_new = dtls1_new,
         .ssl_clear = dtls1_clear,
         .ssl_free = dtls1_free,
diff --git a/src/lib/libssl/t1_clnt.c b/src/lib/libssl/t1_clnt.c
index 9107f3976e..d643d5db13 100644
--- a/src/lib/libssl/t1_clnt.c
+++ b/src/lib/libssl/t1_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_clnt.c,v 1.19 2016/11/04 18:30:21 guenther Exp $ */
+/* $OpenBSD: t1_clnt.c,v 1.20 2017/01/21 06:50:02 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -68,6 +68,8 @@ static const SSL_METHOD *tls1_get_client_method(int ver);
 
 static const SSL_METHOD TLS_client_method_data = {
         .version = TLS1_2_VERSION,
+        .min_version = TLS1_VERSION,
+        .max_version = TLS1_2_VERSION,
         .ssl_new = tls1_new,
         .ssl_clear = tls1_clear,
         .ssl_free = tls1_free,
@@ -100,6 +102,8 @@ static const SSL_METHOD TLS_client_method_data = {
 
 static const SSL_METHOD TLSv1_client_method_data = {
         .version = TLS1_VERSION,
+        .min_version = TLS1_VERSION,
+        .max_version = TLS1_VERSION,
         .ssl_new = tls1_new,
         .ssl_clear = tls1_clear,
         .ssl_free = tls1_free,
@@ -132,6 +136,8 @@ static const SSL_METHOD TLSv1_client_method_data = {
 
 static const SSL_METHOD TLSv1_1_client_method_data = {
         .version = TLS1_1_VERSION,
+        .min_version = TLS1_1_VERSION,
+        .max_version = TLS1_1_VERSION,
         .ssl_new = tls1_new,
         .ssl_clear = tls1_clear,
         .ssl_free = tls1_free,
@@ -164,6 +170,8 @@ static const SSL_METHOD TLSv1_1_client_method_data = {
 
 static const SSL_METHOD TLSv1_2_client_method_data = {
         .version = TLS1_2_VERSION,
+        .min_version = TLS1_2_VERSION,
+        .max_version = TLS1_2_VERSION,
         .ssl_new = tls1_new,
         .ssl_clear = tls1_clear,
         .ssl_free = tls1_free,
diff --git a/src/lib/libssl/t1_meth.c b/src/lib/libssl/t1_meth.c
index 261ab192be..5c37142ab3 100644
--- a/src/lib/libssl/t1_meth.c
+++ b/src/lib/libssl/t1_meth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_meth.c,v 1.18 2016/11/04 18:30:21 guenther Exp $ */
+/* $OpenBSD: t1_meth.c,v 1.19 2017/01/21 06:50:02 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -66,6 +66,8 @@ static const SSL_METHOD *tls1_get_method(int ver);
 
 static const SSL_METHOD TLS_method_data = {
         .version = TLS1_2_VERSION,
+        .min_version = TLS1_VERSION,
+        .max_version = TLS1_2_VERSION,
         .ssl_new = tls1_new,
         .ssl_clear = tls1_clear,
         .ssl_free = tls1_free,
@@ -98,6 +100,8 @@ static const SSL_METHOD TLS_method_data = {
 
 static const SSL_METHOD TLSv1_method_data = {
         .version = TLS1_VERSION,
+        .min_version = TLS1_VERSION,
+        .max_version = TLS1_VERSION,
         .ssl_new = tls1_new,
         .ssl_clear = tls1_clear,
         .ssl_free = tls1_free,
@@ -130,6 +134,8 @@ static const SSL_METHOD TLSv1_method_data = {
 
 static const SSL_METHOD TLSv1_1_method_data = {
         .version = TLS1_1_VERSION,
+        .min_version = TLS1_1_VERSION,
+        .max_version = TLS1_1_VERSION,
         .ssl_new = tls1_new,
         .ssl_clear = tls1_clear,
         .ssl_free = tls1_free,
@@ -162,6 +168,8 @@ static const SSL_METHOD TLSv1_1_method_data = {
 
 static const SSL_METHOD TLSv1_2_method_data = {
         .version = TLS1_2_VERSION,
+        .min_version = TLS1_2_VERSION,
+        .max_version = TLS1_2_VERSION,
         .ssl_new = tls1_new,
         .ssl_clear = tls1_clear,
         .ssl_free = tls1_free,
diff --git a/src/lib/libssl/t1_srvr.c b/src/lib/libssl/t1_srvr.c
index 74c73a4337..84ed66c7ed 100644
--- a/src/lib/libssl/t1_srvr.c
+++ b/src/lib/libssl/t1_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_srvr.c,v 1.20 2016/11/04 18:30:21 guenther Exp $ */
+/* $OpenBSD: t1_srvr.c,v 1.21 2017/01/21 06:50:02 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -69,6 +69,8 @@ static const SSL_METHOD *tls1_get_server_method(int ver);
 
 static const SSL_METHOD TLS_server_method_data = {
         .version = TLS1_2_VERSION,
+        .min_version = TLS1_VERSION,
+        .max_version = TLS1_2_VERSION,
         .ssl_new = tls1_new,
         .ssl_clear = tls1_clear,
         .ssl_free = tls1_free,
@@ -101,6 +103,8 @@ static const SSL_METHOD TLS_server_method_data = {
 
 static const SSL_METHOD TLSv1_server_method_data = {
         .version = TLS1_VERSION,
+        .min_version = TLS1_VERSION,
+        .max_version = TLS1_VERSION,
         .ssl_new = tls1_new,
         .ssl_clear = tls1_clear,
         .ssl_free = tls1_free,
@@ -133,6 +137,8 @@ static const SSL_METHOD TLSv1_server_method_data = {
 
 static const SSL_METHOD TLSv1_1_server_method_data = {
         .version = TLS1_1_VERSION,
+        .min_version = TLS1_1_VERSION,
+        .max_version = TLS1_1_VERSION,
         .ssl_new = tls1_new,
         .ssl_clear = tls1_clear,
         .ssl_free = tls1_free,
@@ -165,6 +171,8 @@ static const SSL_METHOD TLSv1_1_server_method_data = {
 
 static const SSL_METHOD TLSv1_2_server_method_data = {
         .version = TLS1_2_VERSION,
+        .min_version = TLS1_2_VERSION,
+        .max_version = TLS1_2_VERSION,
         .ssl_new = tls1_new,
         .ssl_clear = tls1_clear,
         .ssl_free = tls1_free,