Split most of SSL_METHOD out into an internal variant, which is opaque.

Discussed with beck@
author: jsing <> 2017-01-23 13:36:13 +0000
committer: jsing <> 2017-01-23 13:36:13 +0000
commit: 4ae6fa4e9b3c20e6347b1b4ad62b1051ed5d7630 (patch)
tree: 84ee9c4c985fe1078df40f818b7697846dba1c18 /src/lib/libssl/ssl_lib.c
parent: d997e8b2da4774b32b9a1e6368bb19aca5bf82c2 (diff)
download: openbsd-4ae6fa4e9b3c20e6347b1b4ad62b1051ed5d7630.tar.gz
openbsd-4ae6fa4e9b3c20e6347b1b4ad62b1051ed5d7630.tar.bz2
openbsd-4ae6fa4e9b3c20e6347b1b4ad62b1051ed5d7630.zip
1 files changed, 35 insertions, 35 deletions
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index 7592249dcb..edcbe9d20a 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.138 2017/01/23 10:22:06 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.139 2017/01/23 13:36:13 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -212,7 +212,7 @@ SSL_clear(SSL *s)
        s->internal->state = SSL_ST_BEFORE|((s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT);
-        s->version = s->method->version;
+        s->version = s->method->internal->version;
        s->client_version = s->version;
        s->internal->rwstate = SSL_NOTHING;
        s->internal->rstate = SSL_ST_READ_HEADER;
@@ -232,12 +232,12 @@ SSL_clear(SSL *s)
         */
        if (!s->internal->in_handshake && (s->session == NULL) &&
            (s->method != s->ctx->method)) {
-                s->method->ssl_free(s);
+                s->method->internal->ssl_free(s);
                s->method = s->ctx->method;
-                if (!s->method->ssl_new(s))
+                if (!s->method->internal->ssl_new(s))
                        return (0);
        } else
-                s->method->ssl_clear(s);
+                s->method->internal->ssl_clear(s);
        return (1);
 }
@@ -354,11 +354,11 @@ SSL_new(SSL_CTX *ctx)
        s->method = ctx->method;
-        if (!s->method->ssl_new(s))
+        if (!s->method->internal->ssl_new(s))
                goto err;
        s->references = 1;
-        s->server = (ctx->method->ssl_accept == ssl_undefined_function) ? 0 : 1;
+        s->server = (ctx->method->internal->ssl_accept == ssl_undefined_function) ? 0 : 1;
        SSL_clear(s);
@@ -550,7 +550,7 @@ SSL_free(SSL *s)
                sk_X509_NAME_pop_free(s->internal->client_CA, X509_NAME_free);
        if (s->method != NULL)
-                s->method->ssl_free(s);
+                s->method->internal->ssl_free(s);
        SSL_CTX_free(s->ctx);
@@ -799,7 +799,7 @@ SSL_pending(const SSL *s)
         * (Note that SSL_pending() is often used as a boolean value,
         * so we'd better not return -1.)
         */
-        return (s->method->ssl_pending(s));
+        return (s->method->internal->ssl_pending(s));
 }
 X509 *
@@ -856,9 +856,9 @@ SSL_copy_session_id(SSL *t, const SSL *f)
         * vice-versa.
         */
        if (t->method != f->method) {
-                t->method->ssl_free(t); /* cleanup current */
+                t->method->internal->ssl_free(t);       /* cleanup current */
-                t->method=f->method;    /* change method */
+                t->method = f->method;  /* change method */
-                t->method->ssl_new(t);  /* setup new */
+                t->method->internal->ssl_new(t);        /* setup new */
        }
        tmp = t->cert;
@@ -925,7 +925,7 @@ SSL_accept(SSL *s)
        if (s->internal->handshake_func == NULL)
                SSL_set_accept_state(s); /* Not properly initialized yet */
-        return (s->method->ssl_accept(s));
+        return (s->method->internal->ssl_accept(s));
 }
 int
@@ -934,13 +934,13 @@ SSL_connect(SSL *s)
        if (s->internal->handshake_func == NULL)
                SSL_set_connect_state(s); /* Not properly initialized yet */
-        return (s->method->ssl_connect(s));
+        return (s->method->internal->ssl_connect(s));
 }
 long
 SSL_get_default_timeout(const SSL *s)
 {
-        return (s->method->get_timeout());
+        return (s->method->internal->get_timeout());
 }
 int
@@ -955,7 +955,7 @@ SSL_read(SSL *s, void *buf, int num)
                s->internal->rwstate = SSL_NOTHING;
                return (0);
        }
-        return (s->method->ssl_read(s, buf, num));
+        return (s->method->internal->ssl_read(s, buf, num));
 }
 int
@@ -969,7 +969,7 @@ SSL_peek(SSL *s, void *buf, int num)
        if (s->internal->shutdown & SSL_RECEIVED_SHUTDOWN) {
                return (0);
        }
-        return (s->method->ssl_peek(s, buf, num));
+        return (s->method->internal->ssl_peek(s, buf, num));
 }
 int
@@ -985,7 +985,7 @@ SSL_write(SSL *s, const void *buf, int num)
                SSLerr(SSL_F_SSL_WRITE, SSL_R_PROTOCOL_IS_SHUTDOWN);
                return (-1);
        }
-        return (s->method->ssl_write(s, buf, num));
+        return (s->method->internal->ssl_write(s, buf, num));
 }
 int
@@ -1004,7 +1004,7 @@ SSL_shutdown(SSL *s)
        }
        if ((s != NULL) && !SSL_in_init(s))
-                return (s->method->ssl_shutdown(s));
+                return (s->method->internal->ssl_shutdown(s));
        else
                return (1);
 }
@@ -1017,7 +1017,7 @@ SSL_renegotiate(SSL *s)
        s->internal->new_session = 1;
-        return (s->method->ssl_renegotiate(s));
+        return (s->method->internal->ssl_renegotiate(s));
 }
 int
@@ -1028,7 +1028,7 @@ SSL_renegotiate_abbreviated(SSL *s)
        s->internal->new_session = 0;
-        return (s->method->ssl_renegotiate(s));
+        return (s->method->internal->ssl_renegotiate(s));
 }
 int
@@ -1737,7 +1737,7 @@ SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
    const char *label, size_t llen, const unsigned char *p, size_t plen,
    int use_context)
 {
-        return (s->method->ssl3_enc->export_keying_material(s, out, olen,
+        return (s->method->internal->ssl3_enc->export_keying_material(s, out, olen,
            label, llen, p, plen, use_context));
 }
@@ -1831,7 +1831,7 @@ SSL_CTX_new(const SSL_METHOD *meth)
        ret->internal->session_cache_tail = NULL;
        /* We take the system default */
-        ret->session_timeout = meth->get_timeout();
+        ret->session_timeout = meth->internal->get_timeout();
        ret->internal->new_session_cb = 0;
        ret->internal->remove_session_cb = 0;
@@ -2309,20 +2309,20 @@ SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth)
        if (s->method != meth) {
                if (s->internal->handshake_func != NULL)
-                        conn = (s->internal->handshake_func == s->method->ssl_connect);
+                        conn = (s->internal->handshake_func == s->method->internal->ssl_connect);
-                if (s->method->version == meth->version)
+                if (s->method->internal->version == meth->internal->version)
                        s->method = meth;
                else {
-                        s->method->ssl_free(s);
+                        s->method->internal->ssl_free(s);
                        s->method = meth;
-                        ret = s->method->ssl_new(s);
+                        ret = s->method->internal->ssl_new(s);
                }
                if (conn == 1)
-                        s->internal->handshake_func = meth->ssl_connect;
+                        s->internal->handshake_func = meth->internal->ssl_connect;
                else if (conn == 0)
-                        s->internal->handshake_func = meth->ssl_accept;
+                        s->internal->handshake_func = meth->internal->ssl_accept;
        }
        return (ret);
 }
@@ -2415,7 +2415,7 @@ SSL_do_handshake(SSL *s)
                return (-1);
        }
-        s->method->ssl_renegotiate_check(s);
+        s->method->internal->ssl_renegotiate_check(s);
        if (SSL_in_init(s) || SSL_in_before(s)) {
                ret = s->internal->handshake_func(s);
@@ -2433,7 +2433,7 @@ SSL_set_accept_state(SSL *s)
        s->server = 1;
        s->internal->shutdown = 0;
        s->internal->state = SSL_ST_ACCEPT|SSL_ST_BEFORE;
-        s->internal->handshake_func = s->method->ssl_accept;
+        s->internal->handshake_func = s->method->internal->ssl_accept;
        /* clear the current cipher */
        ssl_clear_cipher_ctx(s);
        ssl_clear_hash_ctx(&s->read_hash);
@@ -2446,7 +2446,7 @@ SSL_set_connect_state(SSL *s)
        s->server = 0;
        s->internal->shutdown = 0;
        s->internal->state = SSL_ST_CONNECT|SSL_ST_BEFORE;
-        s->internal->handshake_func = s->method->ssl_connect;
+        s->internal->handshake_func = s->method->internal->ssl_connect;
        /* clear the current cipher */
        ssl_clear_cipher_ctx(s);
        ssl_clear_hash_ctx(&s->read_hash);
@@ -2581,7 +2581,7 @@ ssl_max_server_version(SSL *s)
         * The SSL method will be changed during version negotiation, as such
         * we want to use the SSL method from the context.
         */
-        max_version = s->ctx->method->version;
+        max_version = s->ctx->method->internal->version;
        if (SSL_IS_DTLS(s))
                return (DTLS1_VERSION);
@@ -2625,9 +2625,9 @@ SSL_dup(SSL *s)
                 * and thus we can't use SSL_copy_session_id.
                 */
-                ret->method->ssl_free(ret);
+                ret->method->internal->ssl_free(ret);
                ret->method = s->method;
-                ret->method->ssl_new(ret);
+                ret->method->internal->ssl_new(ret);
                if (s->cert != NULL) {
                        if (ret->cert != NULL) {
author	jsing <>	2017-01-23 13:36:13 +0000
committer	jsing <>	2017-01-23 13:36:13 +0000
commit	4ae6fa4e9b3c20e6347b1b4ad62b1051ed5d7630 (patch)
tree	84ee9c4c985fe1078df40f818b7697846dba1c18 /src/lib/libssl/ssl_lib.c
parent	d997e8b2da4774b32b9a1e6368bb19aca5bf82c2 (diff)
download	openbsd-4ae6fa4e9b3c20e6347b1b4ad62b1051ed5d7630.tar.gz openbsd-4ae6fa4e9b3c20e6347b1b4ad62b1051ed5d7630.tar.bz2 openbsd-4ae6fa4e9b3c20e6347b1b4ad62b1051ed5d7630.zip

diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c index 7592249dcb..edcbe9d20a 100644 --- a/src/lib/libssl/ssl_lib.c +++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_lib.c,v 1.138 2017/01/23 10:22:06 jsing Exp $ */	1	/* $OpenBSD: ssl_lib.c,v 1.139 2017/01/23 13:36:13 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -212,7 +212,7 @@ SSL_clear(SSL *s)
212		212
213	s->internal->state = SSL_ST_BEFORE\|((s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT);	213	s->internal->state = SSL_ST_BEFORE\|((s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT);
214		214
215	s->version = s->method->version;	215	s->version = s->method->internal->version;
216	s->client_version = s->version;	216	s->client_version = s->version;
217	s->internal->rwstate = SSL_NOTHING;	217	s->internal->rwstate = SSL_NOTHING;
218	s->internal->rstate = SSL_ST_READ_HEADER;	218	s->internal->rstate = SSL_ST_READ_HEADER;
@@ -232,12 +232,12 @@ SSL_clear(SSL *s)
232	*/	232	*/
233	if (!s->internal->in_handshake && (s->session == NULL) &&	233	if (!s->internal->in_handshake && (s->session == NULL) &&
234	(s->method != s->ctx->method)) {	234	(s->method != s->ctx->method)) {
235	s->method->ssl_free(s);	235	s->method->internal->ssl_free(s);
236	s->method = s->ctx->method;	236	s->method = s->ctx->method;
237	if (!s->method->ssl_new(s))	237	if (!s->method->internal->ssl_new(s))
238	return (0);	238	return (0);
239	} else	239	} else
240	s->method->ssl_clear(s);	240	s->method->internal->ssl_clear(s);
241		241
242	return (1);	242	return (1);
243	}	243	}
@@ -354,11 +354,11 @@ SSL_new(SSL_CTX *ctx)
354		354
355	s->method = ctx->method;	355	s->method = ctx->method;
356		356
357	if (!s->method->ssl_new(s))	357	if (!s->method->internal->ssl_new(s))
358	goto err;	358	goto err;
359		359
360	s->references = 1;	360	s->references = 1;
361	s->server = (ctx->method->ssl_accept == ssl_undefined_function) ? 0 : 1;	361	s->server = (ctx->method->internal->ssl_accept == ssl_undefined_function) ? 0 : 1;
362		362
363	SSL_clear(s);	363	SSL_clear(s);
364		364
@@ -550,7 +550,7 @@ SSL_free(SSL *s)
550	sk_X509_NAME_pop_free(s->internal->client_CA, X509_NAME_free);	550	sk_X509_NAME_pop_free(s->internal->client_CA, X509_NAME_free);
551		551
552	if (s->method != NULL)	552	if (s->method != NULL)
553	s->method->ssl_free(s);	553	s->method->internal->ssl_free(s);
554		554
555	SSL_CTX_free(s->ctx);	555	SSL_CTX_free(s->ctx);
556		556
@@ -799,7 +799,7 @@ SSL_pending(const SSL *s)
799	* (Note that SSL_pending() is often used as a boolean value,	799	* (Note that SSL_pending() is often used as a boolean value,
800	* so we'd better not return -1.)	800	* so we'd better not return -1.)
801	*/	801	*/
802	return (s->method->ssl_pending(s));	802	return (s->method->internal->ssl_pending(s));
803	}	803	}
804		804
805	X509 *	805	X509 *
@@ -856,9 +856,9 @@ SSL_copy_session_id(SSL t, const SSL f)
856	* vice-versa.	856	* vice-versa.
857	*/	857	*/
858	if (t->method != f->method) {	858	if (t->method != f->method) {
859	t->method->ssl_free(t); /* cleanup current */	859	t->method->internal->ssl_free(t); /* cleanup current */
860	t->method=f->method; /* change method */	860	t->method = f->method; /* change method */
861	t->method->ssl_new(t); /* setup new */	861	t->method->internal->ssl_new(t); /* setup new */
862	}	862	}
863		863
864	tmp = t->cert;	864	tmp = t->cert;
@@ -925,7 +925,7 @@ SSL_accept(SSL *s)
925	if (s->internal->handshake_func == NULL)	925	if (s->internal->handshake_func == NULL)
926	SSL_set_accept_state(s); /* Not properly initialized yet */	926	SSL_set_accept_state(s); /* Not properly initialized yet */
927		927
928	return (s->method->ssl_accept(s));	928	return (s->method->internal->ssl_accept(s));
929	}	929	}
930		930
931	int	931	int
@@ -934,13 +934,13 @@ SSL_connect(SSL *s)
934	if (s->internal->handshake_func == NULL)	934	if (s->internal->handshake_func == NULL)
935	SSL_set_connect_state(s); /* Not properly initialized yet */	935	SSL_set_connect_state(s); /* Not properly initialized yet */
936		936
937	return (s->method->ssl_connect(s));	937	return (s->method->internal->ssl_connect(s));
938	}	938	}
939		939
940	long	940	long
941	SSL_get_default_timeout(const SSL *s)	941	SSL_get_default_timeout(const SSL *s)
942	{	942	{
943	return (s->method->get_timeout());	943	return (s->method->internal->get_timeout());
944	}	944	}
945		945
946	int	946	int
@@ -955,7 +955,7 @@ SSL_read(SSL s, void buf, int num)
955	s->internal->rwstate = SSL_NOTHING;	955	s->internal->rwstate = SSL_NOTHING;
956	return (0);	956	return (0);
957	}	957	}
958	return (s->method->ssl_read(s, buf, num));	958	return (s->method->internal->ssl_read(s, buf, num));
959	}	959	}
960		960
961	int	961	int
@@ -969,7 +969,7 @@ SSL_peek(SSL s, void buf, int num)
969	if (s->internal->shutdown & SSL_RECEIVED_SHUTDOWN) {	969	if (s->internal->shutdown & SSL_RECEIVED_SHUTDOWN) {
970	return (0);	970	return (0);
971	}	971	}
972	return (s->method->ssl_peek(s, buf, num));	972	return (s->method->internal->ssl_peek(s, buf, num));
973	}	973	}
974		974
975	int	975	int
@@ -985,7 +985,7 @@ SSL_write(SSL s, const void buf, int num)
985	SSLerr(SSL_F_SSL_WRITE, SSL_R_PROTOCOL_IS_SHUTDOWN);	985	SSLerr(SSL_F_SSL_WRITE, SSL_R_PROTOCOL_IS_SHUTDOWN);
986	return (-1);	986	return (-1);
987	}	987	}
988	return (s->method->ssl_write(s, buf, num));	988	return (s->method->internal->ssl_write(s, buf, num));
989	}	989	}
990		990
991	int	991	int
@@ -1004,7 +1004,7 @@ SSL_shutdown(SSL *s)
1004	}	1004	}
1005		1005
1006	if ((s != NULL) && !SSL_in_init(s))	1006	if ((s != NULL) && !SSL_in_init(s))
1007	return (s->method->ssl_shutdown(s));	1007	return (s->method->internal->ssl_shutdown(s));
1008	else	1008	else
1009	return (1);	1009	return (1);
1010	}	1010	}
@@ -1017,7 +1017,7 @@ SSL_renegotiate(SSL *s)
1017		1017
1018	s->internal->new_session = 1;	1018	s->internal->new_session = 1;
1019		1019
1020	return (s->method->ssl_renegotiate(s));	1020	return (s->method->internal->ssl_renegotiate(s));
1021	}	1021	}
1022		1022
1023	int	1023	int
@@ -1028,7 +1028,7 @@ SSL_renegotiate_abbreviated(SSL *s)
1028		1028
1029	s->internal->new_session = 0;	1029	s->internal->new_session = 0;
1030		1030
1031	return (s->method->ssl_renegotiate(s));	1031	return (s->method->internal->ssl_renegotiate(s));
1032	}	1032	}
1033		1033
1034	int	1034	int
@@ -1737,7 +1737,7 @@ SSL_export_keying_material(SSL s, unsigned char out, size_t olen,
1737	const char label, size_t llen, const unsigned char p, size_t plen,	1737	const char label, size_t llen, const unsigned char p, size_t plen,
1738	int use_context)	1738	int use_context)
1739	{	1739	{
1740	return (s->method->ssl3_enc->export_keying_material(s, out, olen,	1740	return (s->method->internal->ssl3_enc->export_keying_material(s, out, olen,
1741	label, llen, p, plen, use_context));	1741	label, llen, p, plen, use_context));
1742	}	1742	}
1743		1743
@@ -1831,7 +1831,7 @@ SSL_CTX_new(const SSL_METHOD *meth)
1831	ret->internal->session_cache_tail = NULL;	1831	ret->internal->session_cache_tail = NULL;
1832		1832
1833	/* We take the system default */	1833	/* We take the system default */
1834	ret->session_timeout = meth->get_timeout();	1834	ret->session_timeout = meth->internal->get_timeout();
1835		1835
1836	ret->internal->new_session_cb = 0;	1836	ret->internal->new_session_cb = 0;
1837	ret->internal->remove_session_cb = 0;	1837	ret->internal->remove_session_cb = 0;
@@ -2309,20 +2309,20 @@ SSL_set_ssl_method(SSL s, const SSL_METHOD meth)
2309		2309
2310	if (s->method != meth) {	2310	if (s->method != meth) {
2311	if (s->internal->handshake_func != NULL)	2311	if (s->internal->handshake_func != NULL)
2312	conn = (s->internal->handshake_func == s->method->ssl_connect);	2312	conn = (s->internal->handshake_func == s->method->internal->ssl_connect);
2313		2313
2314	if (s->method->version == meth->version)	2314	if (s->method->internal->version == meth->internal->version)
2315	s->method = meth;	2315	s->method = meth;
2316	else {	2316	else {
2317	s->method->ssl_free(s);	2317	s->method->internal->ssl_free(s);
2318	s->method = meth;	2318	s->method = meth;
2319	ret = s->method->ssl_new(s);	2319	ret = s->method->internal->ssl_new(s);
2320	}	2320	}
2321		2321
2322	if (conn == 1)	2322	if (conn == 1)
2323	s->internal->handshake_func = meth->ssl_connect;	2323	s->internal->handshake_func = meth->internal->ssl_connect;
2324	else if (conn == 0)	2324	else if (conn == 0)
2325	s->internal->handshake_func = meth->ssl_accept;	2325	s->internal->handshake_func = meth->internal->ssl_accept;
2326	}	2326	}
2327	return (ret);	2327	return (ret);
2328	}	2328	}
@@ -2415,7 +2415,7 @@ SSL_do_handshake(SSL *s)
2415	return (-1);	2415	return (-1);
2416	}	2416	}
2417		2417
2418	s->method->ssl_renegotiate_check(s);	2418	s->method->internal->ssl_renegotiate_check(s);
2419		2419
2420	if (SSL_in_init(s) \|\| SSL_in_before(s)) {	2420	if (SSL_in_init(s) \|\| SSL_in_before(s)) {
2421	ret = s->internal->handshake_func(s);	2421	ret = s->internal->handshake_func(s);
@@ -2433,7 +2433,7 @@ SSL_set_accept_state(SSL *s)
2433	s->server = 1;	2433	s->server = 1;
2434	s->internal->shutdown = 0;	2434	s->internal->shutdown = 0;
2435	s->internal->state = SSL_ST_ACCEPT\|SSL_ST_BEFORE;	2435	s->internal->state = SSL_ST_ACCEPT\|SSL_ST_BEFORE;
2436	s->internal->handshake_func = s->method->ssl_accept;	2436	s->internal->handshake_func = s->method->internal->ssl_accept;
2437	/* clear the current cipher */	2437	/* clear the current cipher */
2438	ssl_clear_cipher_ctx(s);	2438	ssl_clear_cipher_ctx(s);
2439	ssl_clear_hash_ctx(&s->read_hash);	2439	ssl_clear_hash_ctx(&s->read_hash);
@@ -2446,7 +2446,7 @@ SSL_set_connect_state(SSL *s)
2446	s->server = 0;	2446	s->server = 0;
2447	s->internal->shutdown = 0;	2447	s->internal->shutdown = 0;
2448	s->internal->state = SSL_ST_CONNECT\|SSL_ST_BEFORE;	2448	s->internal->state = SSL_ST_CONNECT\|SSL_ST_BEFORE;
2449	s->internal->handshake_func = s->method->ssl_connect;	2449	s->internal->handshake_func = s->method->internal->ssl_connect;
2450	/* clear the current cipher */	2450	/* clear the current cipher */
2451	ssl_clear_cipher_ctx(s);	2451	ssl_clear_cipher_ctx(s);
2452	ssl_clear_hash_ctx(&s->read_hash);	2452	ssl_clear_hash_ctx(&s->read_hash);
@@ -2581,7 +2581,7 @@ ssl_max_server_version(SSL *s)
2581	* The SSL method will be changed during version negotiation, as such	2581	* The SSL method will be changed during version negotiation, as such
2582	* we want to use the SSL method from the context.	2582	* we want to use the SSL method from the context.
2583	*/	2583	*/
2584	max_version = s->ctx->method->version;	2584	max_version = s->ctx->method->internal->version;
2585		2585
2586	if (SSL_IS_DTLS(s))	2586	if (SSL_IS_DTLS(s))
2587	return (DTLS1_VERSION);	2587	return (DTLS1_VERSION);
@@ -2625,9 +2625,9 @@ SSL_dup(SSL *s)
2625	* and thus we can't use SSL_copy_session_id.	2625	* and thus we can't use SSL_copy_session_id.
2626	*/	2626	*/
2627		2627
2628	ret->method->ssl_free(ret);	2628	ret->method->internal->ssl_free(ret);
2629	ret->method = s->method;	2629	ret->method = s->method;
2630	ret->method->ssl_new(ret);	2630	ret->method->internal->ssl_new(ret);
2631		2631
2632	if (s->cert != NULL) {	2632	if (s->cert != NULL) {
2633	if (ret->cert != NULL) {	2633	if (ret->cert != NULL) {