Disallow multiple protocol flags to s_server and s_client

[openssl.git] / apps / s_cb.c

diff --git a/apps/s_cb.c b/apps/s_cb.c
index 5b5e711bf2eb9c44557ce0dcf20a6f5eb04eb492..d1a99a7bd605b4c0fea103783ca3e173d3248df0 100644 (file)
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -1507,11 +1507,18 @@ void print_ssl_summary(BIO *bio, SSL *s)
 }
 
 int args_ssl(char ***pargs, int *pargc, SSL_CONF_CTX *cctx,
-             int *badarg, BIO *err, STACK_OF(OPENSSL_STRING) **pstr)
+             int *badarg, BIO *err, STACK_OF(OPENSSL_STRING) **pstr,
+             int *no_prot_opt)
 {
     char *arg = **pargs, *argn = (*pargs)[1];
     int rv;
 
+    if (strcmp(arg, "-no_ssl2") == 0 || strcmp(arg, "-no_ssl3") == 0
+        || strcmp(arg, "-no_tls1") == 0 || strcmp(arg, "-no_tls1_1") == 0
+        || strcmp(arg, "-no_tls1_2") == 0) {
+        *no_prot_opt = 1;
+    }
+
     /* Attempt to run SSL configuration command */
     rv = SSL_CONF_cmd_argv(cctx, pargc, pargs);
     /* If parameter not recognised just return */