From 95d91de56d07efcd6dd35c2b3815d31608c9ba7f Mon Sep 17 00:00:00 2001 From: jsing <> Date: Sun, 31 May 2020 18:03:32 +0000 Subject: Replace ssl_max_server_version() with ssl_downgrade_max_version() Replace the only occurrence of ssl_max_server_version() with a call to ssl_downgrade_max_version() and remove ssl_max_server_version(). ok beck@ tb@ --- src/lib/libssl/ssl_ciphers.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'src/lib/libssl/ssl_ciphers.c') diff --git a/src/lib/libssl/ssl_ciphers.c b/src/lib/libssl/ssl_ciphers.c index 3abed60b5b..3a1fb14d5c 100644 --- a/src/lib/libssl/ssl_ciphers.c +++ b/src/lib/libssl/ssl_ciphers.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_ciphers.c,v 1.3 2019/05/15 09:13:16 bcook Exp $ */ +/* $OpenBSD: ssl_ciphers.c,v 1.4 2020/05/31 18:03:32 jsing Exp $ */ /* * Copyright (c) 2015-2017 Doug Hogan * Copyright (c) 2015-2018 Joel Sing @@ -133,8 +133,9 @@ ssl_bytes_to_cipher_list(SSL *s, CBS *cbs) * Fail if the current version is an unexpected * downgrade. */ - max_version = ssl_max_server_version(s); - if (max_version == 0 || s->version < max_version) { + if (!ssl_downgrade_max_version(s, &max_version)) + goto err; + if (s->version < max_version) { SSLerror(s, SSL_R_INAPPROPRIATE_FALLBACK); ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INAPPROPRIATE_FALLBACK); -- cgit v1.2.3-55-g6feb