Provide SSL_CTX_get_min_proto_version and SSL_CTX_get_max_proto_version

We already provided the setters, so also provide the getters like
OpenSSL does.  Addition prompted by the use of those functions in recent
openvpn releases.

manpage diff from schwarze@ (thanks!) with input from jsing@, ok tb@
jsing@

1 files changed, 51 insertions, 11 deletions

diff --git a/src/lib/libssl/man/SSL_CTX_set_min_proto_version.3 b/src/lib/libssl/man/SSL_CTX_set_min_proto_version.3
index ff057cadac..38ac9fc421 100644
--- a/src/lib/libssl/man/SSL_CTX_set_min_proto_version.3
+++ b/src/lib/libssl/man/SSL_CTX_set_min_proto_version.3
@@ -1,8 +1,9 @@
-.\"     $OpenBSD: SSL_CTX_set_min_proto_version.3,v 1.1 2017/08/19 23:45:10 schwarze Exp $
-.\"     OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100
+.\" $OpenBSD: SSL_CTX_set_min_proto_version.3,v 1.2 2018/03/15 12:27:01 jca Exp $
+.\" full merge up to: OpenSSL 3edabd3c Sep 14 09:28:39 2017 +0200
 .\"
-.\" This file was written by Kurt Roeckx <kurt@roeckx.be>.
-.\" Copyright (c) 2015 The OpenSSL Project.  All rights reserved.
+.\" This file was written by Kurt Roeckx <kurt@roeckx.be> and
+.\" Christian Heimes <christian@python.org>.
+.\" Copyright (c) 2015, 2017 The OpenSSL Project.  All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
@@ -48,15 +49,19 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: August 19 2017 $
+.Dd $Mdocdate: March 15 2018 $
 .Dt SSL_CTX_SET_MIN_PROTO_VERSION 3
 .Os
 .Sh NAME
 .Nm SSL_CTX_set_min_proto_version ,
 .Nm SSL_CTX_set_max_proto_version ,
+.Nm SSL_CTX_get_min_proto_version ,
+.Nm SSL_CTX_get_max_proto_version ,
 .Nm SSL_set_min_proto_version ,
-.Nm SSL_set_max_proto_version
-.Nd set minimum and maximum supported protocol version
+.Nm SSL_set_max_proto_version ,
+.Nm SSL_get_min_proto_version ,
+.Nm SSL_get_max_proto_version
+.Nd get and set minimum and maximum supported protocol version
 .Sh SYNOPSIS
 .In openssl/ssl.h
 .Ft int
@@ -70,6 +75,14 @@
 .Fa "uint16_t version"
 .Fc
 .Ft int
+.Fo SSL_CTX_get_min_proto_version
+.Fa "SSL_CTX *ctx"
+.Fc
+.Ft int
+.Fo SSL_CTX_get_max_proto_version
+.Fa "SSL_CTX *ctx"
+.Fc
+.Ft int
 .Fo SSL_set_min_proto_version
 .Fa "SSL *ssl"
 .Fa "uint16_t version"
@@ -79,8 +92,16 @@
 .Fa "SSL *ssl"
 .Fa "uint16_t version"
 .Fc
+.Ft int
+.Fo SSL_get_min_proto_version
+.Fa "SSL *ssl"
+.Fc
+.Ft int
+.Fo SSL_get_max_proto_version
+.Fa "SSL *ssl"
+.Fc
 .Sh DESCRIPTION
-These functions set the minimum and maximum supported protocol
+These functions get or set the minimum and maximum supported protocol
 versions for
 .Fa ctx
 or
@@ -102,13 +123,32 @@ and
 for TLS and
 .Sy DTLS1_VERSION
 for DTLS.
+.Pp
+In other implementations, these functions may be implemented as macros.
 .Sh RETURN VALUES
-These functions return 1 on success or 0 on failure.
+The setter functions return 1 on success or 0 on failure.
+.Pp
+The getter functions return the configured version or 0 if
+.Fa ctx
+or
+.Fa ssl
+has been configured to automatically use the lowest or highest
+version supported by the library.
 .Sh SEE ALSO
 .Xr ssl 3 ,
 .Xr SSL_CTX_new 3 ,
 .Xr SSL_CTX_set_options 3
 .Sh HISTORY
-These functions first appeared in OpenSSL 1.1.0
-and have been available since
+The setter functions first appeared in BoringSSL in December 2014,
+with shorter names without the
+.Sy proto_
+part.
+Two years later, OpenSSL included them in their 1.1.0 release,
+gratuitiously changing the names; Google shrugged and adopted
+the longer names one month later.
+They have been available since
 .Ox 6.2 .
+.Pp
+The getter functions first appeared in OpenSSL 1.1.1
+and have been available since
+.Ox 6.3 .