Fix a bug in create_ssl_ctx_pair()

The max protocol version was only being set on the server side. It should
have been done on both the client and the server.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6113)
This commit is contained in:
Matt Caswell 2018-04-27 12:09:08 +01:00
parent 3bfa4756bd
commit 6021d8ec5a

View file

@ -531,10 +531,10 @@ int create_ssl_ctx_pair(const SSL_METHOD *sm, const SSL_METHOD *cm,
goto err; goto err;
if (clientctx != NULL if (clientctx != NULL
&& ((min_proto_version > 0 && ((min_proto_version > 0
&& !TEST_true(SSL_CTX_set_min_proto_version(serverctx, && !TEST_true(SSL_CTX_set_min_proto_version(clientctx,
min_proto_version))) min_proto_version)))
|| (max_proto_version > 0 || (max_proto_version > 0
&& !TEST_true(SSL_CTX_set_max_proto_version(serverctx, && !TEST_true(SSL_CTX_set_max_proto_version(clientctx,
max_proto_version))))) max_proto_version)))))
goto err; goto err;