From 2622410ed251447b1fabb360b33d023a95414339 Mon Sep 17 00:00:00 2001 From: jca <> Date: Thu, 15 Mar 2018 12:27:01 +0000 Subject: Provide SSL_CTX_get_min_proto_version and SSL_CTX_get_max_proto_version We already provided the setters, so also provide the getters like OpenSSL does. Addition prompted by the use of those functions in recent openvpn releases. manpage diff from schwarze@ (thanks!) with input from jsing@, ok tb@ jsing@ --- src/lib/libssl/man/SSL_CTX_set_min_proto_version.3 | 62 ++++++++++++++++++---- 1 file changed, 51 insertions(+), 11 deletions(-) (limited to 'src/lib/libssl/man')
diff --git a/src/lib/libssl/man/SSL_CTX_set_min_proto_version.3 b/src/lib/libssl/man/SSL_CTX_set_min_proto_version.3
index ff057cadac..38ac9fc421 100644
--- a/src/lib/libssl/man/SSL_CTX_set_min_proto_version.3
+++ b/src/lib/libssl/man/SSL_CTX_set_min_proto_version.3
@@ -1,8 +1,9 @@
-.\" $OpenBSD: SSL_CTX_set_min_proto_version.3,v 1.1 2017/08/19 23:45:10 schwarze Exp $
-.\" OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100
+.\" $OpenBSD: SSL_CTX_set_min_proto_version.3,v 1.2 2018/03/15 12:27:01 jca Exp $
+.\" full merge up to: OpenSSL 3edabd3c Sep 14 09:28:39 2017 +0200
 .\"
-.\" This file was written by Kurt Roeckx .
-.\" Copyright (c) 2015 The OpenSSL Project. All rights reserved.
+.\" This file was written by Kurt Roeckx and
+.\" Christian Heimes .
+.\" Copyright (c) 2015, 2017 The OpenSSL Project. All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
@@ -48,15 +49,19 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: August 19 2017 $
+.Dd $Mdocdate: March 15 2018 $
 .Dt SSL_CTX_SET_MIN_PROTO_VERSION 3
 .Os
 .Sh NAME
 .Nm SSL_CTX_set_min_proto_version ,
 .Nm SSL_CTX_set_max_proto_version ,
+.Nm SSL_CTX_get_min_proto_version ,
+.Nm SSL_CTX_get_max_proto_version ,
 .Nm SSL_set_min_proto_version ,
-.Nm SSL_set_max_proto_version
-.Nd set minimum and maximum supported protocol version
+.Nm SSL_set_max_proto_version ,
+.Nm SSL_get_min_proto_version ,
+.Nm SSL_get_max_proto_version
+.Nd get and set minimum and maximum supported protocol version
 .Sh SYNOPSIS
 .In openssl/ssl.h
 .Ft int
@@ -70,6 +75,14 @@
 .Fa "uint16_t version"
 .Fc
 .Ft int
+.Fo SSL_CTX_get_min_proto_version
+.Fa "SSL_CTX *ctx"
+.Fc
+.Ft int
+.Fo SSL_CTX_get_max_proto_version
+.Fa "SSL_CTX *ctx"
+.Fc
+.Ft int
 .Fo SSL_set_min_proto_version
 .Fa "SSL *ssl"
 .Fa "uint16_t version"
@@ -79,8 +92,16 @@
 .Fa "SSL *ssl"
 .Fa "uint16_t version"
 .Fc
+.Ft int
+.Fo SSL_get_min_proto_version
+.Fa "SSL *ssl"
+.Fc
+.Ft int
+.Fo SSL_get_max_proto_version
+.Fa "SSL *ssl"
+.Fc
 .Sh DESCRIPTION
-These functions set the minimum and maximum supported protocol
+These functions get or set the minimum and maximum supported protocol
 versions for
 .Fa ctx
 or
@@ -102,13 +123,32 @@ and
 for TLS and
 .Sy DTLS1_VERSION
 for DTLS.
+.Pp
+In other implementations, these functions may be implemented as macros.
 .Sh RETURN VALUES
-These functions return 1 on success or 0 on failure.
+The setter functions return 1 on success or 0 on failure.
+.Pp
+The getter functions return the configured version or 0 if
+.Fa ctx
+or
+.Fa ssl
+has been configured to automatically use the lowest or highest
+version supported by the library.
 .Sh SEE ALSO
 .Xr ssl 3 ,
 .Xr SSL_CTX_new 3 ,
 .Xr SSL_CTX_set_options 3
 .Sh HISTORY
-These functions first appeared in OpenSSL 1.1.0
-and have been available since
+The setter functions first appeared in BoringSSL in December 2014,
+with shorter names without the
+.Sy proto_
+part.
+Two years later, OpenSSL included them in their 1.1.0 release,
+gratuitiously changing the names; Google shrugged and adopted
+the longer names one month later.
+They have been available since
 .Ox 6.2 .
+.Pp
+The getter functions first appeared in OpenSSL 1.1.1
+and have been available since
+.Ox 6.3 .
-- cgit v1.2.3-55-g6feb