Hi,
On 20-01-18 05:47, selva.n...@gmail.com wrote:
> From: Selva Nair <selva.n...@gmail.com>
>
> - No change in functionality. This is used in a subsequent
> patch for extending TLS1.2 support with cryptoapicert
>
> Signed-off-by: Selva Nair <selva.n...@gmail.com>
> ---
> src/openvpn/openssl_compat.h | 23 +++++++++++++++++++++++
> 1 file changed, 23 insertions(+)
>
> diff --git a/src/openvpn/openssl_compat.h b/src/openvpn/openssl_compat.h
> index 9f1e92a..c94341a 100644
> --- a/src/openvpn/openssl_compat.h
> +++ b/src/openvpn/openssl_compat.h
> @@ -670,6 +670,29 @@ SSL_CTX_get_min_proto_version(SSL_CTX *ctx)
> }
> #endif /* SSL_CTX_get_min_proto_version */
>
> +#ifndef SSL_CTX_get_max_proto_version
> +/** Return the max SSL protocol version currently enabled in the context.
> + * If no valid version >= TLS1.0 is found, return 0. */
> +static inline int
> +SSL_CTX_get_max_proto_version(SSL_CTX *ctx)
> +{
> + long sslopt = SSL_CTX_get_options(ctx);
> + if (!(sslopt & SSL_OP_NO_TLSv1_2))
> + {
> + return TLS1_2_VERSION;
> + }
> + if (!(sslopt & SSL_OP_NO_TLSv1_1))
> + {
> + return TLS1_1_VERSION;
> + }
> + if (!(sslopt & SSL_OP_NO_TLSv1))
> + {
> + return TLS1_VERSION;
> + }
> + return 0;
> +}
> +#endif /* SSL_CTX_get_max_proto_version */
> +
> #ifndef SSL_CTX_set_min_proto_version
> /** Mimics SSL_CTX_set_min_proto_version for OpenSSL < 1.1 */
> static inline int
>
Looks good and compiles fine.
Acked-by: Steffan Karger <stef...@karger.me>
-Steffan
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
