From 30415c48dd85a36c2e3c2bf50146e554fecc1eb7 Mon Sep 17 00:00:00 2001
From: Joel Sing
Date: Sat, 12 Jul 2014 19:45:54 +0000
Subject: Provide ssl_version_string() function, which uses one of those modern C constructs (a switch statement) and returns the appropriate string defined by SSL_TXT_* for the given version, including support for DTLSv1 and DTLSv1-bad. Use this function in SSL_get_version() and SSL_SESSION_print(). ok beck@
---
 lib/libssl/ssl.h | 4 +++-
 lib/libssl/ssl_lib.c | 34 +++++++++++++++++++++++-----------
 lib/libssl/ssl_locl.h | 3 ++-
 lib/libssl/ssl_txt.c | 18 +++---------------
 4 files changed, 31 insertions(+), 28 deletions(-)
(limited to 'lib/libssl')
diff --git a/lib/libssl/ssl.h b/lib/libssl/ssl.h
index 5ea440231a8..7547d05aa64 100644
--- a/lib/libssl/ssl.h
+++ b/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.61 2014/07/11 09:24:44 beck Exp $ */
+/* $OpenBSD: ssl.h,v 1.62 2014/07/12 19:45:53 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -293,6 +293,8 @@ extern "C" {
 #define SSL_TXT_SHA256 "SHA256"
 #define SSL_TXT_SHA384 "SHA384"
+#define SSL_TXT_DTLS1 "DTLSv1"
+#define SSL_TXT_DTLS1_BAD "DTLSv1-bad"
 #define SSL_TXT_SSLV2 "SSLv2"
 #define SSL_TXT_SSLV3 "SSLv3"
 #define SSL_TXT_TLSV1 "TLSv1"
diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c
index db310de881b..b563071cdad 100644
--- a/lib/libssl/ssl_lib.c
+++ b/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.76 2014/07/12 16:03:37 miod Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.77 2014/07/12 19:45:53 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -2409,19 +2409,31 @@ ssl_bad_method(int ver)
 return (NULL);
 }
+const char *
+ssl_version_string(int ver)
+{
+ switch (ver) {
+ case DTLS1_BAD_VER:
+ return (SSL_TXT_DTLS1_BAD);
+ case DTLS1_VERSION:
+ return (SSL_TXT_DTLS1);
+ case SSL3_VERSION:
+ return (SSL_TXT_SSLV3);
+ case TLS1_VERSION:
+ return (SSL_TXT_TLSV1);
+ case TLS1_1_VERSION:
+ return (SSL_TXT_TLSV1_1);
+ case TLS1_2_VERSION:
+ return (SSL_TXT_TLSV1_2);
+ default:
+ return ("unknown");
+ }
+}
+
 const char *
 SSL_get_version(const SSL *s)
 {
- if (s->version == TLS1_2_VERSION)
- return ("TLSv1.2");
- else if (s->version == TLS1_1_VERSION)
- return ("TLSv1.1");
- else if (s->version == TLS1_VERSION)
- return ("TLSv1");
- else if (s->version == SSL3_VERSION)
- return ("SSLv3");
- else
- return ("unknown");
+ return ssl_version_string(s->version);
 }
 SSL *
diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h
index 0d96ee5fe8b..22ba8d926e5 100644
--- a/lib/libssl/ssl_locl.h
+++ b/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.60 2014/07/12 13:11:53 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.61 2014/07/12 19:45:53 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -543,6 +543,7 @@ extern SSL3_ENC_METHOD ssl3_undef_enc_method;
 extern SSL_CIPHER ssl3_ciphers[];
 SSL_METHOD *ssl_bad_method(int ver);
+const char *ssl_version_string(int ver);
 extern SSL3_ENC_METHOD TLSv1_enc_data;
 extern SSL3_ENC_METHOD TLSv1_1_enc_data;
diff --git a/lib/libssl/ssl_txt.c b/lib/libssl/ssl_txt.c
index 950620d300b..3540bab3137 100644
--- a/lib/libssl/ssl_txt.c
+++ b/lib/libssl/ssl_txt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_txt.c,v 1.23 2014/07/11 09:24:44 beck Exp $ */
+/* $OpenBSD: ssl_txt.c,v 1.24 2014/07/12 19:45:53 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
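Review bot: ssl_version_string() in the lib/libssl/ssl_lib.c hunk is added without a comment, although its contract now sits behind the public SSL_get_version(): every branch returns a string constant, unrecognised versions map to "unknown", and DTLS sessions now yield "DTLSv1" or "DTLSv1-bad" where the removed if/else chain returned "unknown". Callers that log or compare the protocol name will see those new values, so the change deserves a line above the helper such as `/* Map a protocol version to its SSL_TXT_* name; the result is a constant string, "unknown" if the version is not recognised. */`. The TLSv1.1 and TLSv1.2 names now come from SSL_TXT_TLSV1_1 and SSL_TXT_TLSV1_2, whose definitions are outside the visible ssl.h hunk, so it is worth confirming they still expand to "TLSv1.1" and "TLSv1.2". As a style point, `return ssl_version_string(s->version);` omits the parentheses every other return in this hunk uses; `return (ssl_version_string(s->version));` would match.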
@@ -112,20 +112,8 @@ SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
 goto err;
 if (BIO_puts(bp, "SSL-Session:\n") <= 0)
 goto err;
- if (x->ssl_version == SSL3_VERSION)
- s = "SSLv3";
- else if (x->ssl_version == TLS1_2_VERSION)
- s = "TLSv1.2";
- else if (x->ssl_version == TLS1_1_VERSION)
- s = "TLSv1.1";
- else if (x->ssl_version == TLS1_VERSION)
- s = "TLSv1";
- else if (x->ssl_version == DTLS1_VERSION)
- s = "DTLSv1";
- else if (x->ssl_version == DTLS1_BAD_VER)
- s = "DTLSv1-bad";
- else
- s = "unknown";
+
+ s = ssl_version_string(x->ssl_version);
 if (BIO_printf(bp, " Protocol : %s\n", s) <= 0)
 goto err;
--
cgit v1.2.3