From: Selva Nair
Date: Sat, 20 Jan 2018 04:47:27 +0000 (-0500)
Subject: Add SSL_CTX_get_max_proto_version() not in openssl 1.0
X-Git-Tag: v2.5_beta1~524
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9e272106029a41b2110c10334ba8cae0f4afb1b4;p=thirdparty%2Fopenvpn.git

Add SSL_CTX_get_max_proto_version() not in openssl 1.0

- No change in functionality. This is used in a subsequent patch for extending TLS1.2 support with cryptoapicert

Signed-off-by: Selva Nair
Acked-by: Steffan Karger
Message-Id: <1516423647-21932-1-git-send-email-selva.nair@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg16287.html
Signed-off-by: Gert Doering
---

diff --git a/src/openvpn/openssl_compat.h b/src/openvpn/openssl_compat.h
index 9f1e92a18..c94341a54 100644
--- a/src/openvpn/openssl_compat.h
+++ b/src/openvpn/openssl_compat.h
@@ -670,6 +670,29 @@ SSL_CTX_get_min_proto_version(SSL_CTX *ctx)
 }
 #endif /* SSL_CTX_get_min_proto_version */
 
+#ifndef SSL_CTX_get_max_proto_version
+/** Return the max SSL protocol version currently enabled in the context.
+ * If no valid version >= TLS1.0 is found, return 0. */
+static inline int
+SSL_CTX_get_max_proto_version(SSL_CTX *ctx)
+{
+ long sslopt = SSL_CTX_get_options(ctx);
+ if (!(sslopt & SSL_OP_NO_TLSv1_2))
+ {
+ return TLS1_2_VERSION;
+ }
+ if (!(sslopt & SSL_OP_NO_TLSv1_1))
+ {
+ return TLS1_1_VERSION;
+ }
+ if (!(sslopt & SSL_OP_NO_TLSv1))
+ {
+ return TLS1_VERSION;
+ }
+ return 0;
+}
+#endif /* SSL_CTX_get_max_proto_version */
+
 #ifndef SSL_CTX_set_min_proto_version
 /** Mimics SSL_CTX_set_min_proto_version for OpenSSL < 1.1 */
 static inline int
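Review bot: The `return 0;` at the end of the new SSL_CTX_get_max_proto_version() shim carries the opposite meaning from a 0 returned by the real OpenSSL 1.1+ getter, and the doc comment does not say so. Here 0 is reached only when SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1 and SSL_OP_NO_TLSv1_2 are all set (no TLS version enabled), whereas the library function returns 0 when no upper bound has been configured, i.e. the highest supported version is allowed. A caller that compares the result against TLS1_2_VERSION to choose a signing path (the commit message mentions a follow-up for cryptoapicert; no callers are visible in this hunk) would reach different conclusions on the two builds unless it special-cases 0. I would extend the comment with `* NOTE: unlike OpenSSL >= 1.1, where 0 means "no upper limit configured", 0 here means every TLS version is disabled; callers must handle both.`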