Add minimum and maximum version fields to SSL, SSL_CTX and SSL_METHOD

for future work.

Discussed with beck@

1 files changed, 10 insertions, 1 deletions

diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index b9f772d484..d8c25cac42 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.100 2016/11/04 17:58:19 guenther Exp $ */
+/* $OpenBSD: ssl.h,v 1.101 2016/12/21 16:51:10 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -397,6 +397,8 @@ struct ssl_cipher_st {
 /* Used to hold functions for SSLv3/TLSv1 functions */
 struct ssl_method_st {
         int version;
+        uint16_t min_version;
+        uint16_t max_version;
         int (*ssl_new)(SSL *s);
         void (*ssl_clear)(SSL *s);
         void (*ssl_free)(SSL *s);
@@ -688,6 +690,9 @@ struct lhash_st_SSL_SESSION {
 struct ssl_ctx_st {
         const SSL_METHOD *method;
 
+        uint16_t min_version;
+        uint16_t max_version;
+
         STACK_OF(SSL_CIPHER) *cipher_list;
         /* same as above but sorted for lookup */
         STACK_OF(SSL_CIPHER) *cipher_list_by_id;
@@ -998,6 +1003,10 @@ struct ssl_st {
          * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, DTLS1_VERSION)
          */
         int version;
+
+        uint16_t min_version;
+        uint16_t max_version;
+
         int type; /* SSL_ST_CONNECT or SSL_ST_ACCEPT */
 
         const SSL_METHOD *method; /* SSLv3 */