From 0211c1396ff6d4dc401cabef56c2af3202f043f9 Mon Sep 17 00:00:00 2001 From: jsing <> Date: Mon, 29 Sep 2014 15:11:29 +0000 Subject: Add an option that allows the enabled SSL protocols to be explicitly configured. Discussed with several. ok bcook@ --- src/lib/libressl/ressl_client.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'src/lib/libressl/ressl_client.c') diff --git a/src/lib/libressl/ressl_client.c b/src/lib/libressl/ressl_client.c index 5969a104f7..8723a35ae0 100644 --- a/src/lib/libressl/ressl_client.c +++ b/src/lib/libressl/ressl_client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ressl_client.c,v 1.3 2014/08/05 12:46:16 jsing Exp $ */ +/* $OpenBSD: ressl_client.c,v 1.4 2014/09/29 15:11:29 jsing Exp $ */ /* * Copyright (c) 2014 Joel Sing * @@ -134,11 +134,14 @@ ressl_connect_socket(struct ressl *ctx, int socket, const char *hostname) ctx->socket = socket; - /* XXX - add a configuration option to control versions. */ if ((ctx->ssl_ctx = SSL_CTX_new(SSLv23_client_method())) == NULL) { ressl_set_error(ctx, "ssl context failure"); goto err; } + + if (ressl_configure_ssl(ctx) != 0) + goto err; + if (ctx->config->verify) { if (hostname == NULL) { ressl_set_error(ctx, "server name not specified"); -- cgit v1.2.3-55-g6feb
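Review bot: The new `ressl_configure_ssl(ctx)` failure branch in the second hunk jumps to `err` without calling `ressl_set_error()`, unlike the `SSL_CTX_new` and hostname checks around it. Unless the helper (defined outside this file-limited diff) records its own message, the caller gets a failure with no reason attached; worth confirming, or adding `ressl_set_error(ctx, "ssl configuration failure");` in that branch. With the XXX comment removed, nothing at the `SSLv23_client_method()` call says that this version-flexible method depends on the helper to narrow the protocol set; a comment such as `/* Version-flexible method; ressl_configure_ssl() restricts the enabled protocols. */` would keep that dependency visible. The defaults the helper applies are not shown here, so it should be checked that a client with an untouched config does not end up with legacy SSL versions enabled. The body of ressl_connect_socket() starts and ends outside the hunk.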