Use SSL_get_version() not SSL_get_cipher_version(); the former gives the TLS

version used for the connection, the latter gives "the SSL/TLS protocol version
that first defined the cipher". Fixes "TLS version=TLSv1/SSLv3" in received/log
lines.

ok millert@ "I was going to commit this today, so yes definitely" ok gilles@

diff --git a/usr.sbin/smtpd/ioev.c b/usr.sbin/smtpd/ioev.c
index 2a5b3ce..1a51009 100644 (file)
--- a/usr.sbin/smtpd/ioev.c
+++ b/usr.sbin/smtpd/ioev.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: ioev.c,v 1.21 2015/10/14 22:01:43 gilles Exp $        */
+/*     $OpenBSD: ioev.c,v 1.22 2015/10/16 21:13:33 sthen Exp $ */
 /*
  * Copyright (c) 2012 Eric Faurot <eric@openbsd.org>
  *
@@ -89,7 +89,7 @@ io_strio(struct io *io)
 #ifdef IO_SSL
        if (io->ssl) {
                (void)snprintf(ssl, sizeof ssl, " ssl=%s:%s:%d",
-                   SSL_get_cipher_version(io->ssl),
+                   SSL_get_version(io->ssl),
                    SSL_get_cipher_name(io->ssl),
                    SSL_get_cipher_bits(io->ssl, NULL));
        }

diff --git a/usr.sbin/smtpd/smtp_session.c b/usr.sbin/smtpd/smtp_session.c
index 9355e36..9ba6fa6 100644 (file)
--- a/usr.sbin/smtpd/smtp_session.c
+++ b/usr.sbin/smtpd/smtp_session.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: smtp_session.c,v 1.236 2015/10/13 11:32:47 eric Exp $ */
+/*     $OpenBSD: smtp_session.c,v 1.237 2015/10/16 21:13:33 sthen Exp $        */
 
 /*
  * Copyright (c) 2008 Gilles Chehade <gilles@poolp.org>
@@ -649,7 +649,7 @@ smtp_session_imsg(struct mproc *p, struct imsg *imsg)
                        x = SSL_get_peer_certificate(s->io.ssl);
                        smtp_message_printf(s,
                            "\n\tTLS version=%s cipher=%s bits=%d verify=%s",
-                           SSL_get_cipher_version(s->io.ssl),
+                           SSL_get_version(s->io.ssl),
                            SSL_get_cipher_name(s->io.ssl),
                            SSL_get_cipher_bits(s->io.ssl, NULL),
                            (s->flags & SF_VERIFIED) ? "YES" : (x ? "FAIL" : "NO"));

diff --git a/usr.sbin/smtpd/ssl.c b/usr.sbin/smtpd/ssl.c
index 66c761e..96dfa66 100644 (file)
--- a/usr.sbin/smtpd/ssl.c
+++ b/usr.sbin/smtpd/ssl.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: ssl.c,v 1.76 2015/03/13 13:42:54 giovanni Exp $       */
+/*     $OpenBSD: ssl.c,v 1.77 2015/10/16 21:13:33 sthen Exp $  */
 
 /*
  * Copyright (c) 2008 Pierre-Yves Ritschard <pyr@openbsd.org>
@@ -344,7 +344,7 @@ ssl_to_text(const SSL *ssl)
        static char buf[256];
 
        (void)snprintf(buf, sizeof buf, "version=%s, cipher=%s, bits=%d",
-           SSL_get_cipher_version(ssl),
+           SSL_get_version(ssl),
            SSL_get_cipher_name(ssl),
            SSL_get_cipher_bits(ssl, NULL));