Provide getters for min/max proto version#4364
Closed
tiran wants to merge 1 commit intoopenssl:masterfrom
Closed
Conversation
e2d45c0 to
e1b21d5
Compare
richsalz
approved these changes
Sep 14, 2017
OpenSSL 1.1.0 made SSL_CTX and SSL structs opaque and introduced a new API to set the minimum and maximum protocol version for SSL_CTX with TLS_method(). Add getters to introspect the configured versions: int SSL_CTX_get_min_proto_version(SSL_CTX *ctx); int SSL_CTX_get_max_proto_version(SSL_CTX *ctx); int SSL_get_min_proto_version(SSL *ssl); int SSL_get_max_proto_version(SSL *ssl); NOTE: The getters do not resolv the version in case when the minimum or maxium version are configured as '0' (meaning auto-select lowest and highst version number). Signed-off-by: Christian Heimes <christian@python.org>
e1b21d5 to
1201aae
Compare
Contributor
Author
|
I addressed the |
kaduk
approved these changes
Sep 14, 2017
Contributor
kaduk
left a comment
There was a problem hiding this comment.
Generally fine, just one question inline
|
|
||
| These functions return 1 on success and 0 on failure. | ||
| These setter functions return 1 on success and 0 on failure. The getter | ||
| functions return the configured version or 0 for auto-configuration of |
Contributor
There was a problem hiding this comment.
Do we want to give an example and/or pointer to relevant header for what these values would look like (e.g., TLS1_2_VERSION)?
Contributor
Author
There was a problem hiding this comment.
We list the versions a couple lines above. I guess it should be obvious to any reader, don't you think?
Contributor
There was a problem hiding this comment.
Yes, it should be; thanks for pointing it out
Member
|
I guess this could qualify for adding to 1.1.0 |
Contributor
|
I agree; we decided missing set/get functions because structures are now opaque is a bugfix. |
Contributor
|
I'm not going to have time to do this, if anyone else wants to merge.... |
Contributor
|
I can merge. |
levitte
pushed a commit
that referenced
this pull request
Sep 15, 2017
OpenSSL 1.1.0 made SSL_CTX and SSL structs opaque and introduced a new API to set the minimum and maximum protocol version for SSL_CTX with TLS_method(). Add getters to introspect the configured versions: int SSL_CTX_get_min_proto_version(SSL_CTX *ctx); int SSL_CTX_get_max_proto_version(SSL_CTX *ctx); int SSL_get_min_proto_version(SSL *ssl); int SSL_get_max_proto_version(SSL *ssl); NOTE: The getters do not resolv the version in case when the minimum or maxium version are configured as '0' (meaning auto-select lowest and highst version number). Signed-off-by: Christian Heimes <christian@python.org> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from #4364)
kaduk
pushed a commit
to kaduk/openssl
that referenced
this pull request
Sep 15, 2017
OpenSSL 1.1.0 made SSL_CTX and SSL structs opaque and introduced a new API to set the minimum and maximum protocol version for SSL_CTX with TLS_method(). Add getters to introspect the configured versions: int SSL_CTX_get_min_proto_version(SSL_CTX *ctx); int SSL_CTX_get_max_proto_version(SSL_CTX *ctx); int SSL_get_min_proto_version(SSL *ssl); int SSL_get_max_proto_version(SSL *ssl); NOTE: The getters do not resolv the version in case when the minimum or maxium version are configured as '0' (meaning auto-select lowest and highst version number). Signed-off-by: Christian Heimes <christian@python.org> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from openssl#4364) (cherry picked from commit 3edabd3) Updated for new manual page location and TLS 1.3.
Contributor
|
Merged to master; the cherry-pick is not very clean, so that's in #4376 . |
tiran
added a commit
to tiran/openssl
that referenced
this pull request
Jan 21, 2018
The getters for min and max proto version wrongly passed NULL instead of 0 as third argument to SSL_ctrl() and SSL_CTX_ctrl(). The third argument is not used, but the error results in a compiler warning: warning: passing argument 3 of ‘SSL_CTX_ctrl’ makes integer from pointer without a cast [-Wint-conversion] int v = SSL_CTX_get_max_proto_version(self->ctx); See openssl#4364 Signed-off-by: Christian Heimes <christian@python.org>
levitte
pushed a commit
that referenced
this pull request
Jan 24, 2018
The getters for min and max proto version wrongly passed NULL instead of 0 as third argument to SSL_ctrl() and SSL_CTX_ctrl(). The third argument is not used, but the error results in a compiler warning: warning: passing argument 3 of ‘SSL_CTX_ctrl’ makes integer from pointer without a cast [-Wint-conversion] int v = SSL_CTX_get_max_proto_version(self->ctx); See #4364 Signed-off-by: Christian Heimes <christian@python.org> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from #5128)
levitte
pushed a commit
that referenced
this pull request
Jan 24, 2018
The getters for min and max proto version wrongly passed NULL instead of 0 as third argument to SSL_ctrl() and SSL_CTX_ctrl(). The third argument is not used, but the error results in a compiler warning: warning: passing argument 3 of ‘SSL_CTX_ctrl’ makes integer from pointer without a cast [-Wint-conversion] int v = SSL_CTX_get_max_proto_version(self->ctx); See #4364 Signed-off-by: Christian Heimes <christian@python.org> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from #5128) (cherry picked from commit 1f82eba)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
OpenSSL 1.1.0 made SSL_CTX and SSL structs opaque and introduced a new
API to set the minimum and maximum protocol version for SSL_CTX with
TLS_method(). Add getters to introspect the configured versions:
int SSL_CTX_get_min_proto_version(SSL_CTX *ctx);
int SSL_CTX_get_max_proto_version(SSL_CTX *ctx);
int SSL_get_min_proto_version(SSL *ssl);
int SSL_get_max_proto_version(SSL *ssl);
NOTE: The getters do not resolv the version in case when the minimum or
maxium version are configured as '0' (meaning auto-select lowest and
highst version number).
Signed-off-by: Christian Heimes christian@python.org
Checklist