Support default versions with set_{min,max}_proto_version.
Upstream makes 0 mean "min/max supported version". Match that behavior,
although call it "default" instead. It shouldn't get you TLS 1.3 until
we're ready to turn it on everywhere.
BUG=90
Change-Id: I9f122fceb701b7d4de2ff70afbc1ffdf370cb97e
Reviewed-on: https://boringssl-review.googlesource.com/11181
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index d629b8f..8454c30 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -565,19 +565,25 @@
#define TLS1_3_DRAFT_VERSION 14
/* SSL_CTX_set_min_proto_version sets the minimum protocol version for |ctx| to
- * |version|. It returns one on success and zero if |version| is invalid. */
-OPENSSL_EXPORT int SSL_CTX_set_min_proto_version(SSL_CTX *ctx, uint16_t version);
+ * |version|. If |version| is zero, the default minimum version is used. It
+ * returns one on success and zero if |version| is invalid. */
+OPENSSL_EXPORT int SSL_CTX_set_min_proto_version(SSL_CTX *ctx,
+ uint16_t version);
/* SSL_CTX_set_max_proto_version sets the maximum protocol version for |ctx| to
- * |version|. It returns one on success and zero if |version| is invalid. */
-OPENSSL_EXPORT int SSL_CTX_set_max_proto_version(SSL_CTX *ctx, uint16_t version);
+ * |version|. If |version| is zero, the default maximum version is used. It
+ * returns one on success and zero if |version| is invalid. */
+OPENSSL_EXPORT int SSL_CTX_set_max_proto_version(SSL_CTX *ctx,
+ uint16_t version);
/* SSL_set_min_proto_version sets the minimum protocol version for |ssl| to
- * |version|. It returns one on success and zero if |version| is invalid. */
+ * |version|. If |version| is zero, the default minimum version is used. It
+ * returns one on success and zero if |version| is invalid. */
OPENSSL_EXPORT int SSL_set_min_proto_version(SSL *ssl, uint16_t version);
/* SSL_set_max_proto_version sets the maximum protocol version for |ssl| to
- * |version|. It returns one on success and zero if |version| is invalid. */
+ * |version|. If |version| is zero, the default maximum version is used. It
+ * returns one on success and zero if |version| is invalid. */
OPENSSL_EXPORT int SSL_set_max_proto_version(SSL *ssl, uint16_t version);
/* SSL_version returns the TLS or DTLS protocol version used by |ssl|, which is
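Review bot: The four updated comments say that zero selects "the default" minimum or maximum, but they never say what that default is or that it differs from the lowest and highest versions the library supports. The commit message states that the default maximum deliberately excludes TLS 1.3 for now, while upstream OpenSSL treats 0 as "min/max supported", so code ported from OpenSSL may assume a different range than it gets. I would add a sentence to each comment such as `The default is chosen by the library, may change between releases, and is not necessarily the lowest/highest supported version.` Callers should also be told that a zero coming from a failed configuration lookup now succeeds and falls back to the default; presumably it was rejected before, but the implementation is outside this hunk. Callers that enforce a version floor should therefore pass an explicit version constant rather than rely on zero.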