Factor out the legacy stack version checks.

Also check for explicit version numbers, rather than just the major version value. ok tb@
author: jsing <> 2021-02-07 15:04:10 +0000
committer: jsing <> 2021-02-07 15:04:10 +0000
commit: ff76d1cff85d5e2902acc8c8be909fe6a7c33390 (patch)
tree: 39da1e539db935f3cc8ae0aeec4e7f7ceb5cc61e /src/lib/libssl/ssl_versions.c
parent: b4b8a48cdfd397e4350388fe0e6ff7928e35242f (diff)
download: openbsd-ff76d1cff85d5e2902acc8c8be909fe6a7c33390.tar.gz
openbsd-ff76d1cff85d5e2902acc8c8be909fe6a7c33390.tar.bz2
openbsd-ff76d1cff85d5e2902acc8c8be909fe6a7c33390.zip
1 files changed, 11 insertions, 1 deletions
diff --git a/src/lib/libssl/ssl_versions.c b/src/lib/libssl/ssl_versions.c
index c5de9d0cde..83d0d06af5 100644
--- a/src/lib/libssl/ssl_versions.c
+++ b/src/lib/libssl/ssl_versions.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_versions.c,v 1.8 2021/01/04 19:19:12 tb Exp $ */
+/* $OpenBSD: ssl_versions.c,v 1.9 2021/02/07 15:04:10 jsing Exp $ */
 /*
 * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
 *
@@ -231,3 +231,13 @@ ssl_downgrade_max_version(SSL *s, uint16_t *max_ver)
        return 1;
 }
+int
+ssl_legacy_stack_version(SSL *s, uint16_t version)
+{
+        if (SSL_is_dtls(s))
+                return version == DTLS1_VERSION;
+        return version == TLS1_VERSION || version == TLS1_1_VERSION ||
+            version == TLS1_2_VERSION;
+}
author	jsing <>	2021-02-07 15:04:10 +0000
committer	jsing <>	2021-02-07 15:04:10 +0000
commit	ff76d1cff85d5e2902acc8c8be909fe6a7c33390 (patch)
tree	39da1e539db935f3cc8ae0aeec4e7f7ceb5cc61e /src/lib/libssl/ssl_versions.c
parent	b4b8a48cdfd397e4350388fe0e6ff7928e35242f (diff)
download	openbsd-ff76d1cff85d5e2902acc8c8be909fe6a7c33390.tar.gz openbsd-ff76d1cff85d5e2902acc8c8be909fe6a7c33390.tar.bz2 openbsd-ff76d1cff85d5e2902acc8c8be909fe6a7c33390.zip

diff --git a/src/lib/libssl/ssl_versions.c b/src/lib/libssl/ssl_versions.c index c5de9d0cde..83d0d06af5 100644 --- a/src/lib/libssl/ssl_versions.c +++ b/src/lib/libssl/ssl_versions.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_versions.c,v 1.8 2021/01/04 19:19:12 tb Exp $ */	1	/* $OpenBSD: ssl_versions.c,v 1.9 2021/02/07 15:04:10 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
4	*	4	*
@@ -231,3 +231,13 @@ ssl_downgrade_max_version(SSL s, uint16_t max_ver)
231		231
232	return 1;	232	return 1;
233	}	233	}
		234
		235	int
		236	ssl_legacy_stack_version(SSL *s, uint16_t version)
		237	{
		238	if (SSL_is_dtls(s))
		239	return version == DTLS1_VERSION;
		240
		241	return version == TLS1_VERSION \|\| version == TLS1_1_VERSION \|\|
		242	version == TLS1_2_VERSION;
		243	}