Make it substantially easier to identify protocol version requirements

by adding an enc_flags field to the ssl3_enc_method, specifying four flags
that are used with this field and providing macros for evaluating these
conditions. Currently the version requirements are identified by
continually checking the version number and other criteria.

This change also adds separate SSL3_ENC_METHOD data for TLS v1.1 and v1.2,
since they have different enc_flags from TLS v1.

Based on changes in OpenSSL head.

No objection from miod@

1 files changed, 2 insertions, 2 deletions

diff --git a/src/lib/libssl/t1_meth.c b/src/lib/libssl/t1_meth.c
index b39303b369..6bdffd2332 100644
--- a/src/lib/libssl/t1_meth.c
+++ b/src/lib/libssl/t1_meth.c
@@ -120,7 +120,7 @@ const SSL_METHOD TLSv1_1_method_data = {
         .get_cipher = ssl3_get_cipher,
         .get_ssl_method = tls1_get_method,
         .get_timeout = tls1_default_timeout,
-        .ssl3_enc = &TLSv1_enc_data,
+        .ssl3_enc = &TLSv1_1_enc_data,
         .ssl_version = ssl_undefined_void_function,
         .ssl_callback_ctrl = ssl3_callback_ctrl,
         .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,
@@ -152,7 +152,7 @@ const SSL_METHOD TLSv1_2_method_data = {
         .get_cipher = ssl3_get_cipher,
         .get_ssl_method = tls1_get_method,
         .get_timeout = tls1_default_timeout,
-        .ssl3_enc = &TLSv1_enc_data,
+        .ssl3_enc = &TLSv1_2_enc_data,
         .ssl_version = ssl_undefined_void_function,
         .ssl_callback_ctrl = ssl3_callback_ctrl,
         .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,