Factor out the legacy stack version checks.

Also check for explicit version numbers, rather than just the major version
value.

ok tb@

1 files changed, 5 insertions, 13 deletions

diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index 4a6e8b06a8..25164ea012 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.76 2020/10/14 16:57:33 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.77 2021/02/07 15:04:10 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -212,18 +212,10 @@ ssl3_connect(SSL *s)
                         if (cb != NULL)
                                 cb(s, SSL_CB_HANDSHAKE_START, 1);
 
-                        if (SSL_is_dtls(s)) {
-                                if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00)) {
-                                        SSLerror(s, ERR_R_INTERNAL_ERROR);
-                                        ret = -1;
-                                        goto end;
-                                }
-                        } else {
-                                if ((s->version & 0xff00) != 0x0300) {
-                                        SSLerror(s, ERR_R_INTERNAL_ERROR);
-                                        ret = -1;
-                                        goto end;
-                                }
+                        if (!ssl_legacy_stack_version(s, s->version)) {
+                                SSLerror(s, ERR_R_INTERNAL_ERROR);
+                                ret = -1;
+                                goto end;
                         }
 
                         /* s->version=SSL3_VERSION; */