Add checks to ensure we do not initiate or negotiate handshakes with

versions below the minimum required by the security level. input & ok jsing
author: tb <> 2022-06-30 11:17:50 +0000
committer: tb <> 2022-06-30 11:17:50 +0000
commit: 5f574489be242a7d86373038f340aaf574a0b228 (patch)
tree: fb1aefe52767d19838deec117e17af2cbf6cd936 /src/lib/libssl/ssl_locl.h
parent: 727d040aad78fde5a0f1d575255736d37d0c721c (diff)
download: openbsd-5f574489be242a7d86373038f340aaf574a0b228.tar.gz
openbsd-5f574489be242a7d86373038f340aaf574a0b228.tar.bz2
openbsd-5f574489be242a7d86373038f340aaf574a0b228.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index b46e37f5eb..d466b59642 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.407 2022/06/29 21:18:04 tb Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.408 2022/06/30 11:17:49 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1301,6 +1301,7 @@ int ssl_ctx_security(const SSL_CTX *ctx, int op, int bits, int nid,
 int ssl_security(const SSL *ssl, int op, int bits, int nid, void *other);
 int ssl_ctx_security_dh(const SSL_CTX *ctx, DH *dh);
 int ssl_security_dh(const SSL *ssl, DH *dh);
+int ssl_security_version(const SSL *ssl, int version);
 int ssl_security_cert(const SSL_CTX *ctx, const SSL *ssl, X509 *x509,
    int is_peer, int *out_error);
 int ssl_security_cert_chain(const SSL *ssl, STACK_OF(X509) *sk,
author	tb <>	2022-06-30 11:17:50 +0000
committer	tb <>	2022-06-30 11:17:50 +0000
commit	5f574489be242a7d86373038f340aaf574a0b228 (patch)
tree	fb1aefe52767d19838deec117e17af2cbf6cd936 /src/lib/libssl/ssl_locl.h
parent	727d040aad78fde5a0f1d575255736d37d0c721c (diff)
download	openbsd-5f574489be242a7d86373038f340aaf574a0b228.tar.gz openbsd-5f574489be242a7d86373038f340aaf574a0b228.tar.bz2 openbsd-5f574489be242a7d86373038f340aaf574a0b228.zip