From 5d994915db5d0a0615b6618184d705dbf25a7473 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Sat, 2 Jul 2022 16:31:04 +0000
Subject: Stop using ssl{_ctx,}_security() outside of ssl_seclevel.c

The API is ugly and we can easily abstract it away. The SSL_SECOP_* stuff
is now confined into ssl_seclevel.c and the rest of the library can make
use of the more straightforward wrappers, which makes it a lot easier on
the eyes.

ok beck jsing
---
 src/lib/libssl/ssl_lib.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

(limited to 'src/lib/libssl/ssl_lib.c')

diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index 609bfb7e65..2cdcef444c 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.294 2022/06/29 20:04:28 tb Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.295 2022/07/02 16:31:04 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1471,8 +1471,7 @@ SSL_get1_supported_ciphers(SSL *s)
 		if (!ssl_cipher_allowed_in_tls_version_range(cipher, min_vers,
 		    max_vers))
 			continue;
-		if (!ssl_security(s, SSL_SECOP_CIPHER_SUPPORTED,
-		    cipher->strength_bits, 0, cipher))
+		if (!ssl_security_supported_cipher(s, cipher))
 			continue;
 		if (!sk_SSL_CIPHER_push(supported_ciphers, cipher))
 			goto err;
-- 
cgit v1.2.3-55-g6feb