From: sthen <sthen@openbsd.org>
Date: Fri, 16 Oct 2015 21:13:33 +0000 (+0000)
Subject: Use SSL_get_version() not SSL_get_cipher_version(); the former gives the TLS
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=860088dff0462cc6b28c44f48274187a5ae03e90;p=openbsd

Use SSL_get_version() not SSL_get_cipher_version(); the former gives the TLS
version used for the connection, the latter gives "the SSL/TLS protocol version
that first defined the cipher". Fixes "TLS version=TLSv1/SSLv3" in received/log
lines.

ok millert@ "I was going to commit this today, so yes definitely" ok gilles@
---

diff --git a/usr.sbin/smtpd/ioev.c b/usr.sbin/smtpd/ioev.c
index 2a5b3ce565d..1a51009325e 100644
--- a/usr.sbin/smtpd/ioev.c
+++ b/usr.sbin/smtpd/ioev.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ioev.c,v 1.21 2015/10/14 22:01:43 gilles Exp $	*/
+/*	$OpenBSD: ioev.c,v 1.22 2015/10/16 21:13:33 sthen Exp $	*/
 /*
  * Copyright (c) 2012 Eric Faurot <eric@openbsd.org>
  *
@@ -89,7 +89,7 @@ io_strio(struct io *io)
 #ifdef IO_SSL
 	if (io->ssl) {
 		(void)snprintf(ssl, sizeof ssl, " ssl=%s:%s:%d",
-		    SSL_get_cipher_version(io->ssl),
+		    SSL_get_version(io->ssl),
 		    SSL_get_cipher_name(io->ssl),
 		    SSL_get_cipher_bits(io->ssl, NULL));
 	}
diff --git a/usr.sbin/smtpd/smtp_session.c b/usr.sbin/smtpd/smtp_session.c
index 9355e3675e2..9ba6fa683de 100644
--- a/usr.sbin/smtpd/smtp_session.c
+++ b/usr.sbin/smtpd/smtp_session.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: smtp_session.c,v 1.236 2015/10/13 11:32:47 eric Exp $	*/
+/*	$OpenBSD: smtp_session.c,v 1.237 2015/10/16 21:13:33 sthen Exp $	*/
 
 /*
  * Copyright (c) 2008 Gilles Chehade <gilles@poolp.org>
@@ -649,7 +649,7 @@ smtp_session_imsg(struct mproc *p, struct imsg *imsg)
 			x = SSL_get_peer_certificate(s->io.ssl);
 			smtp_message_printf(s,
 			    "\n\tTLS version=%s cipher=%s bits=%d verify=%s",
-			    SSL_get_cipher_version(s->io.ssl),
+			    SSL_get_version(s->io.ssl),
 			    SSL_get_cipher_name(s->io.ssl),
 			    SSL_get_cipher_bits(s->io.ssl, NULL),
 			    (s->flags & SF_VERIFIED) ? "YES" : (x ? "FAIL" : "NO"));
diff --git a/usr.sbin/smtpd/ssl.c b/usr.sbin/smtpd/ssl.c
index 66c761e254b..96dfa66c580 100644
--- a/usr.sbin/smtpd/ssl.c
+++ b/usr.sbin/smtpd/ssl.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ssl.c,v 1.76 2015/03/13 13:42:54 giovanni Exp $	*/
+/*	$OpenBSD: ssl.c,v 1.77 2015/10/16 21:13:33 sthen Exp $	*/
 
 /*
  * Copyright (c) 2008 Pierre-Yves Ritschard <pyr@openbsd.org>
@@ -344,7 +344,7 @@ ssl_to_text(const SSL *ssl)
 	static char buf[256];
 
 	(void)snprintf(buf, sizeof buf, "version=%s, cipher=%s, bits=%d",
-	    SSL_get_cipher_version(ssl),
+	    SSL_get_version(ssl),
 	    SSL_get_cipher_name(ssl),
 	    SSL_get_cipher_bits(ssl, NULL));