From: Stefan Eissing
Date: Tue, 3 Apr 2018 11:49:17 +0000 (+0000)
Subject: On the trunk:
X-Git-Tag: 2.5.0-alpha2-ci-test-only~2728
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=afba88ef3da7cc02efcfd85bad5f775427463b2d;p=thirdparty%2Fapache%2Fhttpd.git
On the trunk:
mod_ssl: guard use of TLS1_3_VERSION with proper #ifdefs
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1828220 13f79535-47bb-0310-9956-ffa450edef68
---
diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
index 35553f5eaf6..dd9036c18d8 100644
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -685,9 +685,12 @@ static apr_status_t ssl_init_ctx_protocol(server_rec *s,
 #else /* #if OPENSSL_VERSION_NUMBER < 0x10100000L */
 /* We first determine the maximum protocol version we should provide */
+#ifdef SSL_OP_NO_TLSv1_3
 if (SSL_HAVE_PROTOCOL_TLSV1_3 && (protocol & SSL_PROTOCOL_TLSV1_3)) {
 prot = TLS1_3_VERSION;
- } else if (protocol & SSL_PROTOCOL_TLSV1_2) {
+ } else
+#endif
+ if (protocol & SSL_PROTOCOL_TLSV1_2) {
 prot = TLS1_2_VERSION;
 } else if (protocol & SSL_PROTOCOL_TLSV1_1) {
 prot = TLS1_1_VERSION;
@@ -708,9 +711,11 @@ static apr_status_t ssl_init_ctx_protocol(server_rec *s,
 /* Next we scan for the minimal protocol version we should provide,
 * but we do not allow holes between max and min */
+#ifdef SSL_OP_NO_TLSv1_3
 if (prot == TLS1_3_VERSION && protocol & SSL_PROTOCOL_TLSV1_2) {
 prot = TLS1_2_VERSION;
 }
+#endif
 if (prot == TLS1_2_VERSION && protocol & SSL_PROTOCOL_TLSV1_1) {
 prot = TLS1_1_VERSION;
 }
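Review bot: The `} else` left dangling in front of `#endif` in the first hunk means the following `if (protocol & SSL_PROTOCOL_TLSV1_2) {` is an else-branch in one build and the head of the ladder in another, which is easy to break in a later edit of this protocol-selection code. The guard also tests `SSL_OP_NO_TLSv1_3` while the symbol it protects is `TLS1_3_VERSION`. I would state that coupling next to the guard, e.g. `/* assumes TLS1_3_VERSION is defined wherever SSL_OP_NO_TLSv1_3 is */`, and the same applies to the guard in the second hunk. With the branch compiled out, a configuration that enables only `SSL_PROTOCOL_TLSV1_3` falls through every visible test; the end of the ladder is outside this hunk, so it is worth confirming that it fails startup with a clear message rather than continuing with `prot` unset. ssl_init_ctx_protocol starts and ends outside the hunk.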
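Review bot: The `#endif` added in the second hunk carries no label, although the first hunk's context shows the file annotating its conditionals (`#else /* #if OPENSSL_VERSION_NUMBER < 0x10100000L */`); `#endif /* SSL_OP_NO_TLSv1_3 */` would keep the nesting readable now that a second guard sits inside the OpenSSL-version branch. The condition being wrapped, `prot == TLS1_3_VERSION && protocol & SSL_PROTOCOL_TLSV1_2`, parses as intended but relies on `&` binding tighter than `&&`. The first hunk writes the same kind of test as `(protocol & SSL_PROTOCOL_TLSV1_3)`, and using that form here as well avoids a misreading in the code that decides the minimum TLS version a server will accept. The rest of the minimum-version scan lies outside the hunk.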