[openssl-commits] [openssl] master update

Kurt Roeckx kurt at openssl.org
Sun Jan 10 12:11:43 UTC 2016


The branch master has been updated
       via  869e978c9856c3a1faf0c289bfef3048b2af867c (commit)
      from  ca0004e5610df4333d06908c5c5788f93a971ffa (commit)


- Log -----------------------------------------------------------------
commit 869e978c9856c3a1faf0c289bfef3048b2af867c
Author: Kurt Roeckx <kurt at roeckx.be>
Date:   Sat Jan 2 20:06:07 2016 +0100

    Allow disabling the min and max version
    
    Reviewed-by: Viktor Dukhovni <openssl-users at dukhovni.org>

-----------------------------------------------------------------------

Summary of changes:
 doc/ssl/SSL_CONF_cmd.pod | 5 ++++-
 ssl/ssl_conf.c           | 1 +
 ssl/statem/statem_lib.c  | 5 +++++
 3 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/doc/ssl/SSL_CONF_cmd.pod b/doc/ssl/SSL_CONF_cmd.pod
index 2f70845..9feaa28 100644
--- a/doc/ssl/SSL_CONF_cmd.pod
+++ b/doc/ssl/SSL_CONF_cmd.pod
@@ -113,7 +113,8 @@ operations are permitted.
 
 Sets the minimum and maximum supported protocol.
 Currently supported protocol values are B<SSLv3>, B<TLSv1>,
-B<TLSv1.1>, B<TLSv1.2> for TLS and B<DTLSv1>, B<DTLSv1.2> for DTLS.
+B<TLSv1.1>, B<TLSv1.2> for TLS and B<DTLSv1>, B<DTLSv1.2> for DTLS,
+and B<None> for no limit.
 If the either bound is not specified then only the other bound applies,
 if specified.
 To restrict the supported protocol versions use these commands rather
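
Review bot: B<None> is folded into the list of protocol values in this paragraph, but the B<MinProtocol> and B<MaxProtocol> items later in the file leave their lists unchanged and add a separate sentence instead. Use one form in all three places so the set of accepted values reads the same everywhere. While this paragraph is being edited, the context line "If the either bound is not specified" could also be corrected to "If either bound is not specified".
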
@@ -275,6 +276,7 @@ This sets the minimum supported SSL, TLS or DTLS version.
 
 Currently supported protocol values are B<SSLv3>, B<TLSv1>, B<TLSv1.1>,
 B<TLSv1.2>, B<DTLSv1> and B<DTLSv1.2>.
+The value B<None> will disable the limit.
 
 =item B<MaxProtocol>
 
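
Review bot: "The value B<None> will disable the limit." under the minimum-version item does not say what the effective floor becomes. The list just above it still includes B<SSLv3>, so a reader setting the minimum to None should be told that the lowest negotiable version is then whatever the method and build permit. Suggest adding a sentence to that effect. It would also help to say how None differs from not giving the command at all, since the earlier paragraph already says an unspecified bound does not apply.
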
@@ -282,6 +284,7 @@ This sets the maximum supported SSL, TLS or DTLS version.
 
 Currently supported protocol values are B<SSLv3>, B<TLSv1>, B<TLSv1.1>,
 B<TLSv1.2>, B<DTLSv1> and B<DTLSv1.2>.
+The value B<None> will disable the limit.
 
 =item B<Protocol>
 
diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c
index 9529d30..2c40df1 100644
--- a/ssl/ssl_conf.c
+++ b/ssl/ssl_conf.c
@@ -332,6 +332,7 @@ static int protocol_from_string(const char *value)
         int version;
     };
     static const struct protocol_versions versions[] = {
+        {"None", 0},
         {"SSLv3", SSL3_VERSION},
         {"TLSv1", TLS1_VERSION},
         {"TLSv1.1", TLS1_1_VERSION},
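
Review bot: the bare 0 in {"None", 0} is a sentinel whose meaning is only given by the new check in ssl_set_version_bound() in ssl/statem/statem_lib.c. Every other entry in the table uses a named *_VERSION constant, so a named constant or at least a comment on this line would keep the two files in step. Please also confirm that the value protocol_from_string() returns for an unrecognised string is distinct from 0; the hunk does not show it, and if the two collided, a mistyped protocol name would silently remove the bound.
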
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index bf59eb3..7142128 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -834,6 +834,11 @@ int ssl_check_version_downgrade(SSL *s)
  */
 int ssl_set_version_bound(int method_version, int version, int *bound)
 {
+    if (version == 0) {
+        *bound = version;
+        return 1;
+    }
+
     /*-
      * Restrict TLS methods to TLS protocol versions.
      * Restrict DTLS methods to DTLS protocol versions.
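
Review bot: the early return for version == 0 sits ahead of the TLS/DTLS method checks, so 0 is accepted for any method_version, and the comment above the function is not touched by this patch. If that comment does not already say that 0 means "no bound", it should be extended so callers know the sentinel is part of the contract. Writing "*bound = 0;" (or the named constant, if one is introduced) would read more clearly than "*bound = version;". The summary of changes lists no test file; a test that sets a bound and then clears it with None would cover both the new table entry and this branch.
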

