Victor Wagner <vitus@wagner.pp.ru> writes:
> I'm attaching patch which uses solution mentioned above.
> It seems that chedk for SSL_OP_NO_TLSvX_Y is redundant if
> we are checking for TLS_MAX_VERSION.
One thing I'm wondering is if it's safe to assume that TLS_MAX_VERSION
will be defined whenever these other symbols are. Looking in an
0.9.8x install tree, that doesn't seem to define any of them; while
in 1.0.1e I see
./tls1.h:#define TLS1_1_VERSION 0x0302
./tls1.h:#define TLS1_2_VERSION 0x0303
./tls1.h:#define TLS_MAX_VERSION TLS1_2_VERSION
So the patch seems okay for these two versions, but I have no data about
intermediate OpenSSL versions.
BTW, the spacing in this patch seems rather random.
regards, tom lane