From: Matt Caswell <matt@openssl.org>
Date: Fri, 12 Jun 2020 09:52:41 +0000 (+0100)
Subject: Ensure that SSL_dup copies the min/max protocol version
X-Git-Tag: OpenSSL_1_1_1h~43
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=32d738c9a2abeea5a709de9c33e4e6d6b87938bd;p=thirdparty%2Fopenssl.git

Ensure that SSL_dup copies the min/max protocol version

With thanks to Rebekah Johnson for reporting this issue.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12245)
---

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 7c7e59789cc..1d96eb4d3b7 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -3824,6 +3824,8 @@ SSL *SSL_dup(SSL *s)
         goto err;
     ret->version = s->version;
     ret->options = s->options;
+    ret->min_proto_version = s->min_proto_version;
+    ret->max_proto_version = s->max_proto_version;
     ret->mode = s->mode;
     SSL_set_max_cert_list(ret, SSL_get_max_cert_list(s));
     SSL_set_read_ahead(ret, SSL_get_read_ahead(s));