s_client, s_server: do generic SSL configuration first, specialization after
authorRichard Levitte <levitte@openssl.org>
Mon, 19 Mar 2018 19:33:50 +0000 (20:33 +0100)
committerMatt Caswell <matt@openssl.org>
Mon, 19 Mar 2018 22:40:05 +0000 (22:40 +0000)
commit8f8be103fd7d8b5992724d618c99cbddd7dd00d7
tree426abdb940aca9945a933d09528fef57bb1ced09
parent27df4597316c28a03c73bacb4095e86e41da65bb
s_client, s_server: do generic SSL configuration first, specialization after

We did the SSL_CONF_cmd() pass last of all things that could affect
the SSL ctx.  However, the results of this, for example:

    -max_protocol TLSv1.3 -tls1_2

... would mean that the protocol min got set to TLSv1.2 and the
protocol max to TLSv1.3, when they should clearly both be TLSv1.2.

However, if we see the SSL_CONF_cmd() switches as generic and those
internal to s_client and s_server as specialisations, we get something
that makes a little more sense.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5679)
apps/s_client.c
apps/s_server.c