Use right function to set TLS1.3 restrictions in show-tls
authorArne Schwabe <arne@rfc2549.org>
Thu, 11 Oct 2018 22:06:39 +0000 (00:06 +0200)
committerGert Doering <gert@greenie.muc.de>
Fri, 12 Oct 2018 14:37:44 +0000 (16:37 +0200)
The last version of the patch used the TLS 1.2 function
tls_ctx_restrict_ciphers to set the restrictions for both
TLS 1.3 and TLS 1.2, instead of using tls_ctx_restrict_ciphers_tls13
for TLS 1.3.

Also fix minor style problem while I am touching the function
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20181011220639.7316-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg17755.html

Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 680117529ededd94b1d56867f8d834aa5daa2b95)

src/openvpn/ssl_openssl.c

index 813f007786eee769b355d5c3475a92640ceed043..a78dae991ee9e76aa86c3ffc9c51777e5ecdd304 100644 (file)
@@ -1850,15 +1850,16 @@ show_available_tls_ciphers_list(const char *cipher_list,
     if (tls13)
     {
         SSL_CTX_set_min_proto_version(tls_ctx.ctx, TLS1_3_VERSION);
+        tls_ctx_restrict_ciphers_tls13(&tls_ctx, cipher_list);
     }
     else
 #endif
     {
         SSL_CTX_set_max_proto_version(tls_ctx.ctx, TLS1_2_VERSION);
+        tls_ctx_restrict_ciphers(&tls_ctx, cipher_list);
     }
 
     tls_ctx_set_cert_profile(&tls_ctx, tls_cert_profile);
-    tls_ctx_restrict_ciphers(&tls_ctx, cipher_list);
 
     SSL *ssl = SSL_new(tls_ctx.ctx);
     if (!ssl)
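Review bot: Both cipher-restriction calls now run before `tls_ctx_set_cert_profile(&tls_ctx, tls_cert_profile);`, whereas the removed call ran after it. If the profile influences which ciphers the context accepts, the show-tls listing could differ from what a context configured in the original order would offer. Operators use this listing to audit a cipher restriction, so it is worth confirming the order is insignificant or moving the profile call above the `if (tls13)` block. A short comment in each branch, such as `/* TLS 1.3 ciphersuites are restricted separately from the TLS 1.2-and-older cipher list */`, would also help keep the two calls from being merged again, which is the regression the commit message describes. The body of show_available_tls_ciphers_list starts and ends outside the hunk.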
@@ -1887,7 +1888,8 @@ show_available_tls_ciphers_list(const char *cipher_list,
         else if (NULL == pair)
         {
             /* No translation found, print warning */
-            printf("%s (No IANA name known to OpenVPN, use OpenSSL name.)\n", cipher_name);
+            printf("%s (No IANA name known to OpenVPN, use OpenSSL name.)\n",
+                   cipher_name);
         }
         else
         {