Add TLS_method, TLS_client_method and TLS_server_method.

Use these instead of SSLv23_*method when you want to make sure TLS is used. By default, we disable SSLv3 but it's still possible for the user to re-enable it. TLS_*method does not allow SSLv3. Both BoringSSL and (next version of) OpenSSL have these methods. However, they have changed the implementation significantly. We will as well, but not right now. Riding the libssl major bump. ok miod@ bcook@
author: doug <> 2015-07-19 06:31:32 +0000
committer: doug <> 2015-07-19 06:31:32 +0000
commit: 915e1bd09b87e5d7402cab53ddc89bd039968fd4 (patch)
tree: e880527a1af6d90c596c3aef10956ea51a3d268e /src
parent: b3d9b986084188c42954e6d52677fe5f9b37f0e7 (diff)
download: openbsd-915e1bd09b87e5d7402cab53ddc89bd039968fd4.tar.gz
openbsd-915e1bd09b87e5d7402cab53ddc89bd039968fd4.tar.bz2
openbsd-915e1bd09b87e5d7402cab53ddc89bd039968fd4.zip
9 files changed, 321 insertions, 9 deletions
diff --git a/src/lib/libssl/s23_clnt.c b/src/lib/libssl/s23_clnt.c
index 30d97683a7..00954777fc 100644
--- a/src/lib/libssl/s23_clnt.c
+++ b/src/lib/libssl/s23_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s23_clnt.c,v 1.38 2015/03/31 13:17:48 jsing Exp $ */
+/* $OpenBSD: s23_clnt.c,v 1.39 2015/07/19 06:31:32 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -120,6 +120,7 @@
 static const SSL_METHOD *ssl23_get_client_method(int ver);
 static int ssl23_client_hello(SSL *s);
 static int ssl23_get_server_hello(SSL *s);
+static const SSL_METHOD *tls_get_client_method(int ver);
 const SSL_METHOD SSLv23_client_method_data = {
        .version = TLS1_2_VERSION,
@@ -153,6 +154,39 @@ const SSL_METHOD SSLv23_client_method_data = {
        .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,
 };
+const SSL_METHOD TLS_client_method_data = {
+        .version = TLS1_2_VERSION,
+        .ssl_new = tls1_new,
+        .ssl_clear = tls1_clear,
+        .ssl_free = tls1_free,
+        .ssl_accept = ssl_undefined_function,
+        .ssl_connect = tls_connect,
+        .ssl_read = ssl23_read,
+        .ssl_peek = ssl23_peek,
+        .ssl_write = ssl23_write,
+        .ssl_shutdown = ssl_undefined_function,
+        .ssl_renegotiate = ssl_undefined_function,
+        .ssl_renegotiate_check = ssl_ok,
+        .ssl_get_message = ssl3_get_message,
+        .ssl_read_bytes = ssl3_read_bytes,
+        .ssl_write_bytes = ssl3_write_bytes,
+        .ssl_dispatch_alert = ssl3_dispatch_alert,
+        .ssl_ctrl = ssl3_ctrl,
+        .ssl_ctx_ctrl = ssl3_ctx_ctrl,
+        .get_cipher_by_char = ssl3_get_cipher_by_char,
+        .put_cipher_by_char = ssl3_put_cipher_by_char,
+        .ssl_pending = ssl_undefined_const_function,
+        .num_ciphers = ssl3_num_ciphers,
+        .get_cipher = ssl3_get_cipher,
+        .get_ssl_method = tls_get_client_method,
+        .get_timeout = ssl23_default_timeout,
+        .ssl3_enc = &ssl3_undef_enc_method,
+        .ssl_version = ssl_undefined_void_function,
+        .ssl_callback_ctrl = ssl3_callback_ctrl,
+        .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,
+};
 const SSL_METHOD *
 SSLv23_client_method(void)
 {
@@ -544,3 +578,33 @@ ssl23_get_server_hello(SSL *s)
 err:
        return (-1);
 }
+const SSL_METHOD *
+TLS_client_method(void)
+{
+        return &TLS_client_method_data;
+}
+static const SSL_METHOD *
+tls_get_client_method(int ver)
+{
+        if (ver == SSL3_VERSION)
+                return (NULL);
+        else
+                return ssl23_get_client_method(ver);
+}
+int
+tls_connect(SSL *s)
+{
+        int ret;
+        unsigned long old_options;
+        old_options = s->options;
+        s->options |= SSL_OP_NO_SSLv3;
+        ret = ssl23_connect(s);
+        s->options = old_options;
+        return ret;
+}
diff --git a/src/lib/libssl/s23_srvr.c b/src/lib/libssl/s23_srvr.c
index 99bfaf07e4..f1914e0e8e 100644
--- a/src/lib/libssl/s23_srvr.c
+++ b/src/lib/libssl/s23_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s23_srvr.c,v 1.39 2015/03/27 12:29:54 jsing Exp $ */
+/* $OpenBSD: s23_srvr.c,v 1.40 2015/07/19 06:31:32 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -119,6 +119,7 @@
 static const SSL_METHOD *ssl23_get_server_method(int ver);
 int ssl23_get_client_hello(SSL *s);
+static const SSL_METHOD *tls_get_server_method(int ver);
 const SSL_METHOD SSLv23_server_method_data = {
        .version = TLS1_2_VERSION,
@@ -152,6 +153,38 @@ const SSL_METHOD SSLv23_server_method_data = {
        .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,
 };
+const SSL_METHOD TLS_server_method_data = {
+        .version = TLS1_2_VERSION,
+        .ssl_new = tls1_new,
+        .ssl_clear = tls1_clear,
+        .ssl_free = tls1_free,
+        .ssl_accept = tls_accept,
+        .ssl_connect = ssl_undefined_function,
+        .ssl_read = ssl23_read,
+        .ssl_peek = ssl23_peek,
+        .ssl_write = ssl23_write,
+        .ssl_shutdown = ssl_undefined_function,
+        .ssl_renegotiate = ssl_undefined_function,
+        .ssl_renegotiate_check = ssl_ok,
+        .ssl_get_message = ssl3_get_message,
+        .ssl_read_bytes = ssl3_read_bytes,
+        .ssl_write_bytes = ssl3_write_bytes,
+        .ssl_dispatch_alert = ssl3_dispatch_alert,
+        .ssl_ctrl = ssl3_ctrl,
+        .ssl_ctx_ctrl = ssl3_ctx_ctrl,
+        .get_cipher_by_char = ssl3_get_cipher_by_char,
+        .put_cipher_by_char = ssl3_put_cipher_by_char,
+        .ssl_pending = ssl_undefined_const_function,
+        .num_ciphers = ssl3_num_ciphers,
+        .get_cipher = ssl3_get_cipher,
+        .get_ssl_method = tls_get_server_method,
+        .get_timeout = ssl23_default_timeout,
+        .ssl3_enc = &ssl3_undef_enc_method,
+        .ssl_version = ssl_undefined_void_function,
+        .ssl_callback_ctrl = ssl3_callback_ctrl,
+        .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,
+};
 const SSL_METHOD *
 SSLv23_server_method(void)
 {
@@ -570,3 +603,33 @@ ssl23_get_client_hello(SSL *s)
        return (SSL_accept(s));
 }
+const SSL_METHOD *
+TLS_server_method(void)
+{
+        return &TLS_server_method_data;
+}
+static const SSL_METHOD *
+tls_get_server_method(int ver)
+{
+        if (ver == SSL3_VERSION)
+                return (NULL);
+        else
+                return ssl23_get_server_method(ver);
+}
+int
+tls_accept(SSL *s)
+{
+        int ret;
+        unsigned long old_options;
+        old_options = s->options;
+        s->options |= SSL_OP_NO_SSLv3;
+        ret = ssl23_accept(s);
+        s->options = old_options;
+        return ret;
+}
diff --git a/src/lib/libssl/src/ssl/s23_clnt.c b/src/lib/libssl/src/ssl/s23_clnt.c
index 30d97683a7..00954777fc 100644
--- a/src/lib/libssl/src/ssl/s23_clnt.c
+++ b/src/lib/libssl/src/ssl/s23_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s23_clnt.c,v 1.38 2015/03/31 13:17:48 jsing Exp $ */
+/* $OpenBSD: s23_clnt.c,v 1.39 2015/07/19 06:31:32 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -120,6 +120,7 @@
 static const SSL_METHOD *ssl23_get_client_method(int ver);
 static int ssl23_client_hello(SSL *s);
 static int ssl23_get_server_hello(SSL *s);
+static const SSL_METHOD *tls_get_client_method(int ver);
 const SSL_METHOD SSLv23_client_method_data = {
        .version = TLS1_2_VERSION,
@@ -153,6 +154,39 @@ const SSL_METHOD SSLv23_client_method_data = {
        .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,
 };
+const SSL_METHOD TLS_client_method_data = {
+        .version = TLS1_2_VERSION,
+        .ssl_new = tls1_new,
+        .ssl_clear = tls1_clear,
+        .ssl_free = tls1_free,
+        .ssl_accept = ssl_undefined_function,
+        .ssl_connect = tls_connect,
+        .ssl_read = ssl23_read,
+        .ssl_peek = ssl23_peek,
+        .ssl_write = ssl23_write,
+        .ssl_shutdown = ssl_undefined_function,
+        .ssl_renegotiate = ssl_undefined_function,
+        .ssl_renegotiate_check = ssl_ok,
+        .ssl_get_message = ssl3_get_message,
+        .ssl_read_bytes = ssl3_read_bytes,
+        .ssl_write_bytes = ssl3_write_bytes,
+        .ssl_dispatch_alert = ssl3_dispatch_alert,
+        .ssl_ctrl = ssl3_ctrl,
+        .ssl_ctx_ctrl = ssl3_ctx_ctrl,
+        .get_cipher_by_char = ssl3_get_cipher_by_char,
+        .put_cipher_by_char = ssl3_put_cipher_by_char,
+        .ssl_pending = ssl_undefined_const_function,
+        .num_ciphers = ssl3_num_ciphers,
+        .get_cipher = ssl3_get_cipher,
+        .get_ssl_method = tls_get_client_method,
+        .get_timeout = ssl23_default_timeout,
+        .ssl3_enc = &ssl3_undef_enc_method,
+        .ssl_version = ssl_undefined_void_function,
+        .ssl_callback_ctrl = ssl3_callback_ctrl,
+        .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,
+};
 const SSL_METHOD *
 SSLv23_client_method(void)
 {
@@ -544,3 +578,33 @@ ssl23_get_server_hello(SSL *s)
 err:
        return (-1);
 }
+const SSL_METHOD *
+TLS_client_method(void)
+{
+        return &TLS_client_method_data;
+}
+static const SSL_METHOD *
+tls_get_client_method(int ver)
+{
+        if (ver == SSL3_VERSION)
+                return (NULL);
+        else
+                return ssl23_get_client_method(ver);
+}
+int
+tls_connect(SSL *s)
+{
+        int ret;
+        unsigned long old_options;
+        old_options = s->options;
+        s->options |= SSL_OP_NO_SSLv3;
+        ret = ssl23_connect(s);
+        s->options = old_options;
+        return ret;
+}
diff --git a/src/lib/libssl/src/ssl/s23_meth.c b/src/lib/libssl/src/ssl/s23_meth.c
index 164604001e..93a398d70b 100644
--- a/src/lib/libssl/src/ssl/s23_meth.c
+++ b/src/lib/libssl/src/ssl/s23_meth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s23_meth.c,v 1.17 2015/02/06 08:30:23 jsing Exp $ */
+/* $OpenBSD: s23_meth.c,v 1.18 2015/07/19 06:31:32 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -63,6 +63,7 @@
 #include "ssl_locl.h"
 static const SSL_METHOD *ssl23_get_method(int ver);
+static const SSL_METHOD *tls_get_method(int ver);
 const SSL_METHOD SSLv23_method_data = {
        .version = TLS1_2_VERSION,
@@ -115,3 +116,50 @@ ssl23_get_method(int ver)
                return (TLSv1_2_method());
        return (NULL);
 }
+const SSL_METHOD TLS_method_data = {
+        .version = TLS1_2_VERSION,
+        .ssl_new = tls1_new,
+        .ssl_clear = tls1_clear,
+        .ssl_free = tls1_free,
+        .ssl_accept = tls_accept,
+        .ssl_connect = tls_connect,
+        .ssl_read = ssl23_read,
+        .ssl_peek = ssl23_peek,
+        .ssl_write = ssl23_write,
+        .ssl_shutdown = ssl_undefined_function,
+        .ssl_renegotiate = ssl_undefined_function,
+        .ssl_renegotiate_check = ssl_ok,
+        .ssl_get_message = ssl3_get_message,
+        .ssl_read_bytes = ssl3_read_bytes,
+        .ssl_write_bytes = ssl3_write_bytes,
+        .ssl_dispatch_alert = ssl3_dispatch_alert,
+        .ssl_ctrl = ssl3_ctrl,
+        .ssl_ctx_ctrl = ssl3_ctx_ctrl,
+        .get_cipher_by_char = ssl3_get_cipher_by_char,
+        .put_cipher_by_char = ssl3_put_cipher_by_char,
+        .ssl_pending = ssl_undefined_const_function,
+        .num_ciphers = ssl3_num_ciphers,
+        .get_cipher = ssl3_get_cipher,
+        .get_ssl_method = tls_get_method,
+        .get_timeout = ssl23_default_timeout,
+        .ssl3_enc = &ssl3_undef_enc_method,
+        .ssl_version = ssl_undefined_void_function,
+        .ssl_callback_ctrl = ssl3_callback_ctrl,
+        .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,
+};
+const SSL_METHOD *
+TLS_method(void)
+{
+        return &TLS_method_data;
+}
+static const SSL_METHOD *
+tls_get_method(int ver)
+{
+        if (ver == SSL3_VERSION)
+                return (NULL);
+        else
+                return ssl23_get_method(ver);
+}
diff --git a/src/lib/libssl/src/ssl/s23_srvr.c b/src/lib/libssl/src/ssl/s23_srvr.c
index 99bfaf07e4..f1914e0e8e 100644
--- a/src/lib/libssl/src/ssl/s23_srvr.c
+++ b/src/lib/libssl/src/ssl/s23_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s23_srvr.c,v 1.39 2015/03/27 12:29:54 jsing Exp $ */
+/* $OpenBSD: s23_srvr.c,v 1.40 2015/07/19 06:31:32 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -119,6 +119,7 @@
 static const SSL_METHOD *ssl23_get_server_method(int ver);
 int ssl23_get_client_hello(SSL *s);
+static const SSL_METHOD *tls_get_server_method(int ver);
 const SSL_METHOD SSLv23_server_method_data = {
        .version = TLS1_2_VERSION,
@@ -152,6 +153,38 @@ const SSL_METHOD SSLv23_server_method_data = {
        .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,
 };
+const SSL_METHOD TLS_server_method_data = {
+        .version = TLS1_2_VERSION,
+        .ssl_new = tls1_new,
+        .ssl_clear = tls1_clear,
+        .ssl_free = tls1_free,
+        .ssl_accept = tls_accept,
+        .ssl_connect = ssl_undefined_function,
+        .ssl_read = ssl23_read,
+        .ssl_peek = ssl23_peek,
+        .ssl_write = ssl23_write,
+        .ssl_shutdown = ssl_undefined_function,
+        .ssl_renegotiate = ssl_undefined_function,
+        .ssl_renegotiate_check = ssl_ok,
+        .ssl_get_message = ssl3_get_message,
+        .ssl_read_bytes = ssl3_read_bytes,
+        .ssl_write_bytes = ssl3_write_bytes,
+        .ssl_dispatch_alert = ssl3_dispatch_alert,
+        .ssl_ctrl = ssl3_ctrl,
+        .ssl_ctx_ctrl = ssl3_ctx_ctrl,
+        .get_cipher_by_char = ssl3_get_cipher_by_char,
+        .put_cipher_by_char = ssl3_put_cipher_by_char,
+        .ssl_pending = ssl_undefined_const_function,
+        .num_ciphers = ssl3_num_ciphers,
+        .get_cipher = ssl3_get_cipher,
+        .get_ssl_method = tls_get_server_method,
+        .get_timeout = ssl23_default_timeout,
+        .ssl3_enc = &ssl3_undef_enc_method,
+        .ssl_version = ssl_undefined_void_function,
+        .ssl_callback_ctrl = ssl3_callback_ctrl,
+        .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,
+};
 const SSL_METHOD *
 SSLv23_server_method(void)
 {
@@ -570,3 +603,33 @@ ssl23_get_client_hello(SSL *s)
        return (SSL_accept(s));
 }
+const SSL_METHOD *
+TLS_server_method(void)
+{
+        return &TLS_server_method_data;
+}
+static const SSL_METHOD *
+tls_get_server_method(int ver)
+{
+        if (ver == SSL3_VERSION)
+                return (NULL);
+        else
+                return ssl23_get_server_method(ver);
+}
+int
+tls_accept(SSL *s)
+{
+        int ret;
+        unsigned long old_options;
+        old_options = s->options;
+        s->options |= SSL_OP_NO_SSLv3;
+        ret = ssl23_accept(s);
+        s->options = old_options;
+        return ret;
+}
diff --git a/src/lib/libssl/src/ssl/ssl.h b/src/lib/libssl/src/ssl/ssl.h
index 0a0a711a20..0cd220778b 100644
--- a/src/lib/libssl/src/ssl/ssl.h
+++ b/src/lib/libssl/src/ssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.91 2015/07/18 19:41:54 doug Exp $ */
+/* $OpenBSD: ssl.h,v 1.92 2015/07/19 06:31:32 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1696,6 +1696,9 @@ const SSL_METHOD *TLSv1_2_method(void);		/* TLSv1.2 */
 const SSL_METHOD *TLSv1_2_server_method(void);  /* TLSv1.2 */
 const SSL_METHOD *TLSv1_2_client_method(void);  /* TLSv1.2 */
+const SSL_METHOD *TLS_method(void);             /* TLS v1.0 or later */
+const SSL_METHOD *TLS_server_method(void);      /* TLS v1.0 or later */
+const SSL_METHOD *TLS_client_method(void);      /* TLS v1.0 or later */
 const SSL_METHOD *DTLSv1_method(void);          /* DTLSv1.0 */
 const SSL_METHOD *DTLSv1_server_method(void);   /* DTLSv1.0 */
diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h
index ba8fc79964..1c78770dfa 100644
--- a/src/lib/libssl/src/ssl/ssl_locl.h
+++ b/src/lib/libssl/src/ssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.97 2015/07/18 23:00:23 doug Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.98 2015/07/19 06:31:32 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -757,6 +757,8 @@ int ssl23_accept(SSL *s);
 int ssl23_connect(SSL *s);
 int ssl23_read_bytes(SSL *s, int n);
 int ssl23_write_bytes(SSL *s);
+int tls_accept(SSL *s);
+int tls_connect(SSL *s);
 int tls1_new(SSL *s);
 void tls1_free(SSL *s);
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index 0a0a711a20..0cd220778b 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.91 2015/07/18 19:41:54 doug Exp $ */
+/* $OpenBSD: ssl.h,v 1.92 2015/07/19 06:31:32 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1696,6 +1696,9 @@ const SSL_METHOD *TLSv1_2_method(void);		/* TLSv1.2 */
 const SSL_METHOD *TLSv1_2_server_method(void);  /* TLSv1.2 */
 const SSL_METHOD *TLSv1_2_client_method(void);  /* TLSv1.2 */
+const SSL_METHOD *TLS_method(void);             /* TLS v1.0 or later */
+const SSL_METHOD *TLS_server_method(void);      /* TLS v1.0 or later */
+const SSL_METHOD *TLS_client_method(void);      /* TLS v1.0 or later */
 const SSL_METHOD *DTLSv1_method(void);          /* DTLSv1.0 */
 const SSL_METHOD *DTLSv1_server_method(void);   /* DTLSv1.0 */
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index ba8fc79964..1c78770dfa 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.97 2015/07/18 23:00:23 doug Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.98 2015/07/19 06:31:32 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -757,6 +757,8 @@ int ssl23_accept(SSL *s);
 int ssl23_connect(SSL *s);
 int ssl23_read_bytes(SSL *s, int n);
 int ssl23_write_bytes(SSL *s);
+int tls_accept(SSL *s);
+int tls_connect(SSL *s);
 int tls1_new(SSL *s);
 void tls1_free(SSL *s);
author	doug <>	2015-07-19 06:31:32 +0000
committer	doug <>	2015-07-19 06:31:32 +0000
commit	915e1bd09b87e5d7402cab53ddc89bd039968fd4 (patch)
tree	e880527a1af6d90c596c3aef10956ea51a3d268e /src
parent	b3d9b986084188c42954e6d52677fe5f9b37f0e7 (diff)
download	openbsd-915e1bd09b87e5d7402cab53ddc89bd039968fd4.tar.gz openbsd-915e1bd09b87e5d7402cab53ddc89bd039968fd4.tar.bz2 openbsd-915e1bd09b87e5d7402cab53ddc89bd039968fd4.zip

diff --git a/src/lib/libssl/s23_clnt.c b/src/lib/libssl/s23_clnt.c index 30d97683a7..00954777fc 100644 --- a/src/lib/libssl/s23_clnt.c +++ b/src/lib/libssl/s23_clnt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s23_clnt.c,v 1.38 2015/03/31 13:17:48 jsing Exp $ */	1	/* $OpenBSD: s23_clnt.c,v 1.39 2015/07/19 06:31:32 doug Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -120,6 +120,7 @@
120	static const SSL_METHOD *ssl23_get_client_method(int ver);	120	static const SSL_METHOD *ssl23_get_client_method(int ver);
121	static int ssl23_client_hello(SSL *s);	121	static int ssl23_client_hello(SSL *s);
122	static int ssl23_get_server_hello(SSL *s);	122	static int ssl23_get_server_hello(SSL *s);
		123	static const SSL_METHOD *tls_get_client_method(int ver);
123		124
124	const SSL_METHOD SSLv23_client_method_data = {	125	const SSL_METHOD SSLv23_client_method_data = {
125	.version = TLS1_2_VERSION,	126	.version = TLS1_2_VERSION,
@@ -153,6 +154,39 @@ const SSL_METHOD SSLv23_client_method_data = {
153	.ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,	154	.ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,
154	};	155	};
155		156
		157	const SSL_METHOD TLS_client_method_data = {
		158	.version = TLS1_2_VERSION,
		159	.ssl_new = tls1_new,
		160	.ssl_clear = tls1_clear,
		161	.ssl_free = tls1_free,
		162	.ssl_accept = ssl_undefined_function,
		163	.ssl_connect = tls_connect,
		164	.ssl_read = ssl23_read,
		165	.ssl_peek = ssl23_peek,
		166	.ssl_write = ssl23_write,
		167	.ssl_shutdown = ssl_undefined_function,
		168	.ssl_renegotiate = ssl_undefined_function,
		169	.ssl_renegotiate_check = ssl_ok,
		170	.ssl_get_message = ssl3_get_message,
		171	.ssl_read_bytes = ssl3_read_bytes,
		172	.ssl_write_bytes = ssl3_write_bytes,
		173	.ssl_dispatch_alert = ssl3_dispatch_alert,
		174	.ssl_ctrl = ssl3_ctrl,
		175	.ssl_ctx_ctrl = ssl3_ctx_ctrl,
		176	.get_cipher_by_char = ssl3_get_cipher_by_char,
		177	.put_cipher_by_char = ssl3_put_cipher_by_char,
		178	.ssl_pending = ssl_undefined_const_function,
		179	.num_ciphers = ssl3_num_ciphers,
		180	.get_cipher = ssl3_get_cipher,
		181	.get_ssl_method = tls_get_client_method,
		182	.get_timeout = ssl23_default_timeout,
		183	.ssl3_enc = &ssl3_undef_enc_method,
		184	.ssl_version = ssl_undefined_void_function,
		185	.ssl_callback_ctrl = ssl3_callback_ctrl,
		186	.ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,
		187	};
		188
		189
156	const SSL_METHOD *	190	const SSL_METHOD *
157	SSLv23_client_method(void)	191	SSLv23_client_method(void)
158	{	192	{
@@ -544,3 +578,33 @@ ssl23_get_server_hello(SSL *s)
544	err:	578	err:
545	return (-1);	579	return (-1);
546	}	580	}
		581
		582	const SSL_METHOD *
		583	TLS_client_method(void)
		584	{
		585	return &TLS_client_method_data;
		586	}
		587
		588	static const SSL_METHOD *
		589	tls_get_client_method(int ver)
		590	{
		591	if (ver == SSL3_VERSION)
		592	return (NULL);
		593	else
		594	return ssl23_get_client_method(ver);
		595	}
		596
		597	int
		598	tls_connect(SSL *s)
		599	{
		600	int ret;
		601	unsigned long old_options;
		602
		603	old_options = s->options;
		604
		605	s->options \|= SSL_OP_NO_SSLv3;
		606	ret = ssl23_connect(s);
		607	s->options = old_options;
		608
		609	return ret;
		610	}


diff --git a/src/lib/libssl/s23_srvr.c b/src/lib/libssl/s23_srvr.c index 99bfaf07e4..f1914e0e8e 100644 --- a/src/lib/libssl/s23_srvr.c +++ b/src/lib/libssl/s23_srvr.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s23_srvr.c,v 1.39 2015/03/27 12:29:54 jsing Exp $ */	1	/* $OpenBSD: s23_srvr.c,v 1.40 2015/07/19 06:31:32 doug Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -119,6 +119,7 @@
119		119
120	static const SSL_METHOD *ssl23_get_server_method(int ver);	120	static const SSL_METHOD *ssl23_get_server_method(int ver);
121	int ssl23_get_client_hello(SSL *s);	121	int ssl23_get_client_hello(SSL *s);
		122	static const SSL_METHOD *tls_get_server_method(int ver);
122		123
123	const SSL_METHOD SSLv23_server_method_data = {	124	const SSL_METHOD SSLv23_server_method_data = {
124	.version = TLS1_2_VERSION,	125	.version = TLS1_2_VERSION,
@@ -152,6 +153,38 @@ const SSL_METHOD SSLv23_server_method_data = {
152	.ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,	153	.ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,
153	};	154	};
154		155
		156	const SSL_METHOD TLS_server_method_data = {
		157	.version = TLS1_2_VERSION,
		158	.ssl_new = tls1_new,
		159	.ssl_clear = tls1_clear,
		160	.ssl_free = tls1_free,
		161	.ssl_accept = tls_accept,
		162	.ssl_connect = ssl_undefined_function,
		163	.ssl_read = ssl23_read,
		164	.ssl_peek = ssl23_peek,
		165	.ssl_write = ssl23_write,
		166	.ssl_shutdown = ssl_undefined_function,
		167	.ssl_renegotiate = ssl_undefined_function,
		168	.ssl_renegotiate_check = ssl_ok,
		169	.ssl_get_message = ssl3_get_message,
		170	.ssl_read_bytes = ssl3_read_bytes,
		171	.ssl_write_bytes = ssl3_write_bytes,
		172	.ssl_dispatch_alert = ssl3_dispatch_alert,
		173	.ssl_ctrl = ssl3_ctrl,
		174	.ssl_ctx_ctrl = ssl3_ctx_ctrl,
		175	.get_cipher_by_char = ssl3_get_cipher_by_char,
		176	.put_cipher_by_char = ssl3_put_cipher_by_char,
		177	.ssl_pending = ssl_undefined_const_function,
		178	.num_ciphers = ssl3_num_ciphers,
		179	.get_cipher = ssl3_get_cipher,
		180	.get_ssl_method = tls_get_server_method,
		181	.get_timeout = ssl23_default_timeout,
		182	.ssl3_enc = &ssl3_undef_enc_method,
		183	.ssl_version = ssl_undefined_void_function,
		184	.ssl_callback_ctrl = ssl3_callback_ctrl,
		185	.ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,
		186	};
		187
155	const SSL_METHOD *	188	const SSL_METHOD *
156	SSLv23_server_method(void)	189	SSLv23_server_method(void)
157	{	190	{
@@ -570,3 +603,33 @@ ssl23_get_client_hello(SSL *s)
570		603
571	return (SSL_accept(s));	604	return (SSL_accept(s));
572	}	605	}
		606
		607	const SSL_METHOD *
		608	TLS_server_method(void)
		609	{
		610	return &TLS_server_method_data;
		611	}
		612
		613	static const SSL_METHOD *
		614	tls_get_server_method(int ver)
		615	{
		616	if (ver == SSL3_VERSION)
		617	return (NULL);
		618	else
		619	return ssl23_get_server_method(ver);
		620	}
		621
		622	int
		623	tls_accept(SSL *s)
		624	{
		625	int ret;
		626	unsigned long old_options;
		627
		628	old_options = s->options;
		629
		630	s->options \|= SSL_OP_NO_SSLv3;
		631	ret = ssl23_accept(s);
		632	s->options = old_options;
		633
		634	return ret;
		635	}


diff --git a/src/lib/libssl/src/ssl/s23_clnt.c b/src/lib/libssl/src/ssl/s23_clnt.c index 30d97683a7..00954777fc 100644 --- a/src/lib/libssl/src/ssl/s23_clnt.c +++ b/src/lib/libssl/src/ssl/s23_clnt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s23_clnt.c,v 1.38 2015/03/31 13:17:48 jsing Exp $ */	1	/* $OpenBSD: s23_clnt.c,v 1.39 2015/07/19 06:31:32 doug Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -120,6 +120,7 @@
120	static const SSL_METHOD *ssl23_get_client_method(int ver);	120	static const SSL_METHOD *ssl23_get_client_method(int ver);
121	static int ssl23_client_hello(SSL *s);	121	static int ssl23_client_hello(SSL *s);
122	static int ssl23_get_server_hello(SSL *s);	122	static int ssl23_get_server_hello(SSL *s);
		123	static const SSL_METHOD *tls_get_client_method(int ver);
123		124
124	const SSL_METHOD SSLv23_client_method_data = {	125	const SSL_METHOD SSLv23_client_method_data = {
125	.version = TLS1_2_VERSION,	126	.version = TLS1_2_VERSION,
@@ -153,6 +154,39 @@ const SSL_METHOD SSLv23_client_method_data = {
153	.ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,	154	.ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,
154	};	155	};
155		156
		157	const SSL_METHOD TLS_client_method_data = {
		158	.version = TLS1_2_VERSION,
		159	.ssl_new = tls1_new,
		160	.ssl_clear = tls1_clear,
		161	.ssl_free = tls1_free,
		162	.ssl_accept = ssl_undefined_function,
		163	.ssl_connect = tls_connect,
		164	.ssl_read = ssl23_read,
		165	.ssl_peek = ssl23_peek,
		166	.ssl_write = ssl23_write,
		167	.ssl_shutdown = ssl_undefined_function,
		168	.ssl_renegotiate = ssl_undefined_function,
		169	.ssl_renegotiate_check = ssl_ok,
		170	.ssl_get_message = ssl3_get_message,
		171	.ssl_read_bytes = ssl3_read_bytes,
		172	.ssl_write_bytes = ssl3_write_bytes,
		173	.ssl_dispatch_alert = ssl3_dispatch_alert,
		174	.ssl_ctrl = ssl3_ctrl,
		175	.ssl_ctx_ctrl = ssl3_ctx_ctrl,
		176	.get_cipher_by_char = ssl3_get_cipher_by_char,
		177	.put_cipher_by_char = ssl3_put_cipher_by_char,
		178	.ssl_pending = ssl_undefined_const_function,
		179	.num_ciphers = ssl3_num_ciphers,
		180	.get_cipher = ssl3_get_cipher,
		181	.get_ssl_method = tls_get_client_method,
		182	.get_timeout = ssl23_default_timeout,
		183	.ssl3_enc = &ssl3_undef_enc_method,
		184	.ssl_version = ssl_undefined_void_function,
		185	.ssl_callback_ctrl = ssl3_callback_ctrl,
		186	.ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,
		187	};
		188
		189
156	const SSL_METHOD *	190	const SSL_METHOD *
157	SSLv23_client_method(void)	191	SSLv23_client_method(void)
158	{	192	{
@@ -544,3 +578,33 @@ ssl23_get_server_hello(SSL *s)
544	err:	578	err:
545	return (-1);	579	return (-1);
546	}	580	}
		581
		582	const SSL_METHOD *
		583	TLS_client_method(void)
		584	{
		585	return &TLS_client_method_data;
		586	}
		587
		588	static const SSL_METHOD *
		589	tls_get_client_method(int ver)
		590	{
		591	if (ver == SSL3_VERSION)
		592	return (NULL);
		593	else
		594	return ssl23_get_client_method(ver);
		595	}
		596
		597	int
		598	tls_connect(SSL *s)
		599	{
		600	int ret;
		601	unsigned long old_options;
		602
		603	old_options = s->options;
		604
		605	s->options \|= SSL_OP_NO_SSLv3;
		606	ret = ssl23_connect(s);
		607	s->options = old_options;
		608
		609	return ret;
		610	}


diff --git a/src/lib/libssl/src/ssl/s23_meth.c b/src/lib/libssl/src/ssl/s23_meth.c index 164604001e..93a398d70b 100644 --- a/src/lib/libssl/src/ssl/s23_meth.c +++ b/src/lib/libssl/src/ssl/s23_meth.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s23_meth.c,v 1.17 2015/02/06 08:30:23 jsing Exp $ */	1	/* $OpenBSD: s23_meth.c,v 1.18 2015/07/19 06:31:32 doug Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -63,6 +63,7 @@
63	#include "ssl_locl.h"	63	#include "ssl_locl.h"
64		64
65	static const SSL_METHOD *ssl23_get_method(int ver);	65	static const SSL_METHOD *ssl23_get_method(int ver);
		66	static const SSL_METHOD *tls_get_method(int ver);
66		67
67	const SSL_METHOD SSLv23_method_data = {	68	const SSL_METHOD SSLv23_method_data = {
68	.version = TLS1_2_VERSION,	69	.version = TLS1_2_VERSION,
@@ -115,3 +116,50 @@ ssl23_get_method(int ver)
115	return (TLSv1_2_method());	116	return (TLSv1_2_method());
116	return (NULL);	117	return (NULL);
117	}	118	}
		119
		120	const SSL_METHOD TLS_method_data = {
		121	.version = TLS1_2_VERSION,
		122	.ssl_new = tls1_new,
		123	.ssl_clear = tls1_clear,
		124	.ssl_free = tls1_free,
		125	.ssl_accept = tls_accept,
		126	.ssl_connect = tls_connect,
		127	.ssl_read = ssl23_read,
		128	.ssl_peek = ssl23_peek,
		129	.ssl_write = ssl23_write,
		130	.ssl_shutdown = ssl_undefined_function,
		131	.ssl_renegotiate = ssl_undefined_function,
		132	.ssl_renegotiate_check = ssl_ok,
		133	.ssl_get_message = ssl3_get_message,
		134	.ssl_read_bytes = ssl3_read_bytes,
		135	.ssl_write_bytes = ssl3_write_bytes,
		136	.ssl_dispatch_alert = ssl3_dispatch_alert,
		137	.ssl_ctrl = ssl3_ctrl,
		138	.ssl_ctx_ctrl = ssl3_ctx_ctrl,
		139	.get_cipher_by_char = ssl3_get_cipher_by_char,
		140	.put_cipher_by_char = ssl3_put_cipher_by_char,
		141	.ssl_pending = ssl_undefined_const_function,
		142	.num_ciphers = ssl3_num_ciphers,
		143	.get_cipher = ssl3_get_cipher,
		144	.get_ssl_method = tls_get_method,
		145	.get_timeout = ssl23_default_timeout,
		146	.ssl3_enc = &ssl3_undef_enc_method,
		147	.ssl_version = ssl_undefined_void_function,
		148	.ssl_callback_ctrl = ssl3_callback_ctrl,
		149	.ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,
		150	};
		151
		152	const SSL_METHOD *
		153	TLS_method(void)
		154	{
		155	return &TLS_method_data;
		156	}
		157
		158	static const SSL_METHOD *
		159	tls_get_method(int ver)
		160	{
		161	if (ver == SSL3_VERSION)
		162	return (NULL);
		163	else
		164	return ssl23_get_method(ver);
		165	}


diff --git a/src/lib/libssl/src/ssl/s23_srvr.c b/src/lib/libssl/src/ssl/s23_srvr.c index 99bfaf07e4..f1914e0e8e 100644 --- a/src/lib/libssl/src/ssl/s23_srvr.c +++ b/src/lib/libssl/src/ssl/s23_srvr.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s23_srvr.c,v 1.39 2015/03/27 12:29:54 jsing Exp $ */	1	/* $OpenBSD: s23_srvr.c,v 1.40 2015/07/19 06:31:32 doug Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -119,6 +119,7 @@
119		119
120	static const SSL_METHOD *ssl23_get_server_method(int ver);	120	static const SSL_METHOD *ssl23_get_server_method(int ver);
121	int ssl23_get_client_hello(SSL *s);	121	int ssl23_get_client_hello(SSL *s);
		122	static const SSL_METHOD *tls_get_server_method(int ver);
122		123
123	const SSL_METHOD SSLv23_server_method_data = {	124	const SSL_METHOD SSLv23_server_method_data = {
124	.version = TLS1_2_VERSION,	125	.version = TLS1_2_VERSION,
@@ -152,6 +153,38 @@ const SSL_METHOD SSLv23_server_method_data = {
152	.ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,	153	.ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,
153	};	154	};
154		155
		156	const SSL_METHOD TLS_server_method_data = {
		157	.version = TLS1_2_VERSION,
		158	.ssl_new = tls1_new,
		159	.ssl_clear = tls1_clear,
		160	.ssl_free = tls1_free,
		161	.ssl_accept = tls_accept,
		162	.ssl_connect = ssl_undefined_function,
		163	.ssl_read = ssl23_read,
		164	.ssl_peek = ssl23_peek,
		165	.ssl_write = ssl23_write,
		166	.ssl_shutdown = ssl_undefined_function,
		167	.ssl_renegotiate = ssl_undefined_function,
		168	.ssl_renegotiate_check = ssl_ok,
		169	.ssl_get_message = ssl3_get_message,
		170	.ssl_read_bytes = ssl3_read_bytes,
		171	.ssl_write_bytes = ssl3_write_bytes,
		172	.ssl_dispatch_alert = ssl3_dispatch_alert,
		173	.ssl_ctrl = ssl3_ctrl,
		174	.ssl_ctx_ctrl = ssl3_ctx_ctrl,
		175	.get_cipher_by_char = ssl3_get_cipher_by_char,
		176	.put_cipher_by_char = ssl3_put_cipher_by_char,
		177	.ssl_pending = ssl_undefined_const_function,
		178	.num_ciphers = ssl3_num_ciphers,
		179	.get_cipher = ssl3_get_cipher,
		180	.get_ssl_method = tls_get_server_method,
		181	.get_timeout = ssl23_default_timeout,
		182	.ssl3_enc = &ssl3_undef_enc_method,
		183	.ssl_version = ssl_undefined_void_function,
		184	.ssl_callback_ctrl = ssl3_callback_ctrl,
		185	.ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,
		186	};
		187
155	const SSL_METHOD *	188	const SSL_METHOD *
156	SSLv23_server_method(void)	189	SSLv23_server_method(void)
157	{	190	{
@@ -570,3 +603,33 @@ ssl23_get_client_hello(SSL *s)
570		603
571	return (SSL_accept(s));	604	return (SSL_accept(s));
572	}	605	}
		606
		607	const SSL_METHOD *
		608	TLS_server_method(void)
		609	{
		610	return &TLS_server_method_data;
		611	}
		612
		613	static const SSL_METHOD *
		614	tls_get_server_method(int ver)
		615	{
		616	if (ver == SSL3_VERSION)
		617	return (NULL);
		618	else
		619	return ssl23_get_server_method(ver);
		620	}
		621
		622	int
		623	tls_accept(SSL *s)
		624	{
		625	int ret;
		626	unsigned long old_options;
		627
		628	old_options = s->options;
		629
		630	s->options \|= SSL_OP_NO_SSLv3;
		631	ret = ssl23_accept(s);
		632	s->options = old_options;
		633
		634	return ret;
		635	}


diff --git a/src/lib/libssl/src/ssl/ssl.h b/src/lib/libssl/src/ssl/ssl.h index 0a0a711a20..0cd220778b 100644 --- a/src/lib/libssl/src/ssl/ssl.h +++ b/src/lib/libssl/src/ssl/ssl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl.h,v 1.91 2015/07/18 19:41:54 doug Exp $ */	1	/* $OpenBSD: ssl.h,v 1.92 2015/07/19 06:31:32 doug Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1696,6 +1696,9 @@ const SSL_METHOD TLSv1_2_method(void); / TLSv1.2 */
1696	const SSL_METHOD TLSv1_2_server_method(void); / TLSv1.2 */	1696	const SSL_METHOD TLSv1_2_server_method(void); / TLSv1.2 */
1697	const SSL_METHOD TLSv1_2_client_method(void); / TLSv1.2 */	1697	const SSL_METHOD TLSv1_2_client_method(void); / TLSv1.2 */
1698		1698
		1699	const SSL_METHOD TLS_method(void); / TLS v1.0 or later */
		1700	const SSL_METHOD TLS_server_method(void); / TLS v1.0 or later */
		1701	const SSL_METHOD TLS_client_method(void); / TLS v1.0 or later */
1699		1702
1700	const SSL_METHOD DTLSv1_method(void); / DTLSv1.0 */	1703	const SSL_METHOD DTLSv1_method(void); / DTLSv1.0 */
1701	const SSL_METHOD DTLSv1_server_method(void); / DTLSv1.0 */	1704	const SSL_METHOD DTLSv1_server_method(void); / DTLSv1.0 */


diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h index ba8fc79964..1c78770dfa 100644 --- a/src/lib/libssl/src/ssl/ssl_locl.h +++ b/src/lib/libssl/src/ssl/ssl_locl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_locl.h,v 1.97 2015/07/18 23:00:23 doug Exp $ */	1	/* $OpenBSD: ssl_locl.h,v 1.98 2015/07/19 06:31:32 doug Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -757,6 +757,8 @@ int ssl23_accept(SSL *s);
757	int ssl23_connect(SSL *s);	757	int ssl23_connect(SSL *s);
758	int ssl23_read_bytes(SSL *s, int n);	758	int ssl23_read_bytes(SSL *s, int n);
759	int ssl23_write_bytes(SSL *s);	759	int ssl23_write_bytes(SSL *s);
		760	int tls_accept(SSL *s);
		761	int tls_connect(SSL *s);
760		762
761	int tls1_new(SSL *s);	763	int tls1_new(SSL *s);
762	void tls1_free(SSL *s);	764	void tls1_free(SSL *s);


diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h index 0a0a711a20..0cd220778b 100644 --- a/src/lib/libssl/ssl.h +++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl.h,v 1.91 2015/07/18 19:41:54 doug Exp $ */	1	/* $OpenBSD: ssl.h,v 1.92 2015/07/19 06:31:32 doug Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1696,6 +1696,9 @@ const SSL_METHOD TLSv1_2_method(void); / TLSv1.2 */
1696	const SSL_METHOD TLSv1_2_server_method(void); / TLSv1.2 */	1696	const SSL_METHOD TLSv1_2_server_method(void); / TLSv1.2 */
1697	const SSL_METHOD TLSv1_2_client_method(void); / TLSv1.2 */	1697	const SSL_METHOD TLSv1_2_client_method(void); / TLSv1.2 */
1698		1698
		1699	const SSL_METHOD TLS_method(void); / TLS v1.0 or later */
		1700	const SSL_METHOD TLS_server_method(void); / TLS v1.0 or later */
		1701	const SSL_METHOD TLS_client_method(void); / TLS v1.0 or later */
1699		1702
1700	const SSL_METHOD DTLSv1_method(void); / DTLSv1.0 */	1703	const SSL_METHOD DTLSv1_method(void); / DTLSv1.0 */
1701	const SSL_METHOD DTLSv1_server_method(void); / DTLSv1.0 */	1704	const SSL_METHOD DTLSv1_server_method(void); / DTLSv1.0 */


diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index ba8fc79964..1c78770dfa 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_locl.h,v 1.97 2015/07/18 23:00:23 doug Exp $ */	1	/* $OpenBSD: ssl_locl.h,v 1.98 2015/07/19 06:31:32 doug Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -757,6 +757,8 @@ int ssl23_accept(SSL *s);
757	int ssl23_connect(SSL *s);	757	int ssl23_connect(SSL *s);
758	int ssl23_read_bytes(SSL *s, int n);	758	int ssl23_read_bytes(SSL *s, int n);
759	int ssl23_write_bytes(SSL *s);	759	int ssl23_write_bytes(SSL *s);
		760	int tls_accept(SSL *s);
		761	int tls_connect(SSL *s);
760		762
761	int tls1_new(SSL *s);	763	int tls1_new(SSL *s);
762	void tls1_free(SSL *s);	764	void tls1_free(SSL *s);