Merge tag 'upstream/2.3.4'

Upstream version 2.3.4
author: Alberto Gonzalez Iniesta <agi@inittab.org> 2014-09-02 12:20:00 +0200
committer: Alberto Gonzalez Iniesta <agi@inittab.org> 2014-09-02 12:20:00 +0200
commit: c1db7b69b6d1d4da34995b32cfd78172d5d015c4 (patch)
tree: cf2a6cf09c8487f58e19f8ffe72e48cda7deccc6 /src/openvpn/ssl_openssl.c
parent: dc7b942f8f182eb26054299fab3b87c6342361fe (diff)
parent: 809daf3b371e0c2457b5d4bd414382eb67bf8348 (diff)
1 files changed, 20 insertions, 4 deletions
diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c
index 5689e7c..481600a 100644
--- a/src/openvpn/ssl_openssl.c
+++ b/src/openvpn/ssl_openssl.c
@@ -119,11 +119,16 @@ tmp_rsa_cb (SSL * s, int is_export, int keylength)
 }
 
 void
-tls_ctx_server_new(struct tls_root_ctx *ctx)
+tls_ctx_server_new(struct tls_root_ctx *ctx, unsigned int ssl_flags)
 {
+  const int tls_version_min = (ssl_flags >> SSLF_TLS_VERSION_SHIFT) & SSLF_TLS_VERSION_MASK;
+
   ASSERT(NULL != ctx);
 
-  ctx->ctx = SSL_CTX_new (SSLv23_server_method ());
+  if (tls_version_min > TLS_VER_UNSPEC)
+    ctx->ctx = SSL_CTX_new (SSLv23_server_method ());
+  else
+    ctx->ctx = SSL_CTX_new (TLSv1_server_method ());
 
   if (ctx->ctx == NULL)
     msg (M_SSLERR, "SSL_CTX_new SSLv23_server_method");
@@ -132,11 +137,16 @@ tls_ctx_server_new(struct tls_root_ctx *ctx)
 }
 
 void
-tls_ctx_client_new(struct tls_root_ctx *ctx)
+tls_ctx_client_new(struct tls_root_ctx *ctx, unsigned int ssl_flags)
 {
+  const int tls_version_min = (ssl_flags >> SSLF_TLS_VERSION_SHIFT) & SSLF_TLS_VERSION_MASK;
+
   ASSERT(NULL != ctx);
 
-  ctx->ctx = SSL_CTX_new (SSLv23_client_method ());
+  if (tls_version_min > TLS_VER_UNSPEC)
+    ctx->ctx = SSL_CTX_new (SSLv23_client_method ());
+  else
+    ctx->ctx = SSL_CTX_new (TLSv1_client_method ());
 
   if (ctx->ctx == NULL)
     msg (M_SSLERR, "SSL_CTX_new SSLv23_client_method");
@@ -1345,4 +1355,10 @@ get_highest_preference_tls_cipher (char *buf, int size)
   SSL_CTX_free (ctx);
 }
 
+char *
+get_ssl_library_version(void)
+{
+    return SSLeay_version(SSLEAY_VERSION);
+}
+
 #endif /* defined(ENABLE_SSL) && defined(ENABLE_CRYPTO_OPENSSL) */
author	Alberto Gonzalez Iniesta <agi@inittab.org>	2014-09-02 12:20:00 +0200
committer	Alberto Gonzalez Iniesta <agi@inittab.org>	2014-09-02 12:20:00 +0200
commit	c1db7b69b6d1d4da34995b32cfd78172d5d015c4 (patch)
tree	cf2a6cf09c8487f58e19f8ffe72e48cda7deccc6 /src/openvpn/ssl_openssl.c
parent	dc7b942f8f182eb26054299fab3b87c6342361fe (diff)
parent	809daf3b371e0c2457b5d4bd414382eb67bf8348 (diff)