From 1e3243705c6918de211100bcbd8ef0b8488d215e Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Sun, 7 Feb 2021 15:04:10 +0000
Subject: Factor out the legacy stack version checks.

Also check for explicit version numbers, rather than just the major version
value.

ok tb@
---
 src/lib/libssl/ssl_versions.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

(limited to 'src/lib/libssl/ssl_versions.c')

diff --git a/src/lib/libssl/ssl_versions.c b/src/lib/libssl/ssl_versions.c
index c5de9d0cde..83d0d06af5 100644
--- a/src/lib/libssl/ssl_versions.c
+++ b/src/lib/libssl/ssl_versions.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_versions.c,v 1.8 2021/01/04 19:19:12 tb Exp $ */
+/* $OpenBSD: ssl_versions.c,v 1.9 2021/02/07 15:04:10 jsing Exp $ */
 /*
  * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
  *
@@ -231,3 +231,13 @@ ssl_downgrade_max_version(SSL *s, uint16_t *max_ver)
 
 	return 1;
 }
+
+int
+ssl_legacy_stack_version(SSL *s, uint16_t version)
+{
+	if (SSL_is_dtls(s))
+		return version == DTLS1_VERSION;
+
+	return version == TLS1_VERSION || version == TLS1_1_VERSION ||
+	    version == TLS1_2_VERSION;
+}
-- 
cgit v1.2.3-55-g6feb