From 936f71e5d4f50f2238b0320d44f7fb5f88e39809 Mon Sep 17 00:00:00 2001 From: David Benjamin <davidben@davidben.net> Date: Thu, 21 Jul 2022 11:44:30 -0700 Subject: [PATCH] gh-95095: Use SSL_CTX_get_max_proto_version instead of SSL_CTX_ctrl (GH-95096) The wrapper macros are more readable and match the form recommended in the OpenSSL documentation. They also slightly less error-prone, as the mapping of arguments to SSL_CTX_ctrl is not always clear. (Though in this case it's straightforward.) https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_get_max_proto_version.html --- Modules/_ssl.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Modules/_ssl.c b/Modules/_ssl.c index 78c02c1cd82..bf8bd9dea89 100644 --- a/Modules/_ssl.c +++ b/Modules/_ssl.c @@ -3515,7 +3515,7 @@ set_min_max_proto_version(PySSLContext *self, PyObject *arg, int what) static PyObject * get_minimum_version(PySSLContext *self, void *c) { - int v = SSL_CTX_ctrl(self->ctx, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, NULL); + int v = SSL_CTX_get_min_proto_version(self->ctx); if (v == 0) { v = PY_PROTO_MINIMUM_SUPPORTED; } @@ -3531,7 +3531,7 @@ set_minimum_version(PySSLContext *self, PyObject *arg, void *c) static PyObject * get_maximum_version(PySSLContext *self, void *c) { - int v = SSL_CTX_ctrl(self->ctx, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL); + int v = SSL_CTX_get_max_proto_version(self->ctx); if (v == 0) { v = PY_PROTO_MAXIMUM_SUPPORTED; } -- GitLab