From: Selva Nair <selva.n...@gmail.com>
- No change in functionality. This is used in a subsequent
patch for extending TLS1.2 support with cryptoapicert
Signed-off-by: Selva Nair <selva.n...@gmail.com>
---
This is for 2.4
Same as the patch merged into master except for the ifdefs
needed for 0.9.8
src/openvpn/openssl_compat.h | 27 +++++++++++++++++++++++++++
1 file changed, 27 insertions(+)
diff --git a/src/openvpn/openssl_compat.h b/src/openvpn/openssl_compat.h
index 9f1e92a..4b338d2 100644
--- a/src/openvpn/openssl_compat.h
+++ b/src/openvpn/openssl_compat.h
@@ -670,6 +670,33 @@ SSL_CTX_get_min_proto_version(SSL_CTX *ctx)
}
#endif /* SSL_CTX_get_min_proto_version */
+#ifndef SSL_CTX_get_max_proto_version
+/** Return the max SSL protocol version currently enabled in the context.
+ * If no valid version >= TLS1.0 is found, return 0. */
+static inline int
+SSL_CTX_get_max_proto_version(SSL_CTX *ctx)
+{
+ long sslopt = SSL_CTX_get_options(ctx);
+#ifdef SSL_OP_NO_TLSv1_2
+ if (!(sslopt & SSL_OP_NO_TLSv1_2))
+ {
+ return TLS1_2_VERSION;
+ }
+#endif
+#ifdef SSL_OP_NO_TLSv1_1
+ if (!(sslopt & SSL_OP_NO_TLSv1_1))
+ {
+ return TLS1_1_VERSION;
+ }
+#endif
+ if (!(sslopt & SSL_OP_NO_TLSv1))
+ {
+ return TLS1_VERSION;
+ }
+ return 0;
+}
+#endif /* SSL_CTX_get_max_proto_version */
+
#ifndef SSL_CTX_set_min_proto_version
/** Mimics SSL_CTX_set_min_proto_version for OpenSSL < 1.1 */
static inline int
--
2.1.4
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
