return 0;
}
- if (key_len == EVP_MD_size(EVP_sha256()))
- cipher = SSL_CIPHER_find(s, tls13_aes128gcmsha256_id);
- else if (key_len == EVP_MD_size(EVP_sha384()))
- cipher = SSL_CIPHER_find(s, tls13_aes256gcmsha384_id);
-
+ /* We default to SHA-256 */
+ cipher = SSL_CIPHER_find(s, tls13_aes128gcmsha256_id);
if (cipher == NULL) {
- /* Doesn't look like a suitable TLSv1.3 key. Ignore it */
- OPENSSL_free(key);
- *id = NULL;
- *idlen = 0;
- *sess = NULL;
- return 1;
+ BIO_printf(bio_err, "Error finding suitable ciphersuite\n");
+ return 0;
}
+
usesess = SSL_SESSION_new();
if (usesess == NULL
|| !SSL_SESSION_set1_master_key(usesess, key, key_len)
if (sdebug)
ssl_ctx_security_debug(ctx, sdebug);
+ if (!config_ctx(cctx, ssl_args, ctx))
+ goto end;
+
if (ssl_config != NULL) {
if (SSL_CTX_config(ctx, ssl_config) == 0) {
BIO_printf(bio_err, "Error using configuration \"%s\"\n",
}
}
- if (SSL_CTX_set_min_proto_version(ctx, min_version) == 0)
+ if (min_version != 0
+ && SSL_CTX_set_min_proto_version(ctx, min_version) == 0)
goto end;
- if (SSL_CTX_set_max_proto_version(ctx, max_version) == 0)
+ if (max_version != 0
+ && SSL_CTX_set_max_proto_version(ctx, max_version) == 0)
goto end;
if (vpmtouched && !SSL_CTX_set1_param(ctx, vpm)) {
goto end;
}
- if (!config_ctx(cctx, ssl_args, ctx))
- goto end;
-
if (!ssl_load_stores(ctx, vfyCApath, vfyCAfile, chCApath, chCAfile,
crls, crl_download)) {
BIO_printf(bio_err, "Error loading store locations\n");
projects / openssl.git / blobdiff