Update from 1.0.0-stable.

[openssl.git] / ssl / ssl_lib.c

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 2ad60fe649f1cf87e2961affaa4eeda394b98452..49f8ca46d1d2ba637548dd9e3550227c7e4e8674 100644 (file)
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -259,7 +259,8 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx,const SSL_METHOD *meth)
        ctx->method=meth;
 
        sk=ssl_create_cipher_list(ctx->method,&(ctx->cipher_list),
-               &(ctx->cipher_list_by_id),SSL_DEFAULT_CIPHER_LIST);
+               &(ctx->cipher_list_by_id),
+               meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST);
        if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0))
                {
                SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION,SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
@@ -485,6 +486,16 @@ int SSL_set_trust(SSL *s, int trust)
        return X509_VERIFY_PARAM_set_trust(s->param, trust);
        }
 
+int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm)
+       {
+       return X509_VERIFY_PARAM_set1(ctx->param, vpm);
+       }
+
+int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
+       {
+       return X509_VERIFY_PARAM_set1(ssl->param, vpm);
+       }
+
 void SSL_free(SSL *s)
        {
        int i;
@@ -1528,7 +1539,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
 
        ssl_create_cipher_list(ret->method,
                &ret->cipher_list,&ret->cipher_list_by_id,
-               SSL_DEFAULT_CIPHER_LIST);
+               meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST);
        if (ret->cipher_list == NULL
            || sk_SSL_CIPHER_num(ret->cipher_list) <= 0)
                {