(trafficserver) 06/12: Print warning about valid_tls_versions_in on startup (#11187)

Tue, 02 Apr 2024 09:21:12 -0700 

This is an automated email from the ASF dual-hosted git repository.

cmcfarlen pushed a commit to branch 10.0.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git

commit 68c172fc9396a51061d36245a2039c8ef76f8dd6
Author: Masakazu Kitajo <[email protected]>
AuthorDate: Wed Mar 27 09:42:02 2024 -0600

    Print warning about valid_tls_versions_in on startup (#11187)
    
    (cherry picked from commit a27d59911624c23518ac841f4bbde1006ee15f29)
---
 src/iocore/net/SNIActionPerformer.cc | 6 +++++-
 src/iocore/net/SNIActionPerformer.h  | 2 +-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/iocore/net/SNIActionPerformer.cc 
b/src/iocore/net/SNIActionPerformer.cc
index f7adcfe898..34f35e533b 100644
--- a/src/iocore/net/SNIActionPerformer.cc
+++ b/src/iocore/net/SNIActionPerformer.cc
@@ -317,6 +317,11 @@ HostSniPolicy::TestClientSNIAction(const char *servername, 
const IpEndpoint &ep,
   return false;
 }
 
+TLSValidProtocols::TLSValidProtocols(unsigned long protocols) : unset(false), 
protocol_mask(protocols)
+{
+  Warning("valid_tls_versions_in is deprecated. Use valid_tls_version_min_in 
and ivalid_tls_version_max_in instead.");
+}
+
 int
 TLSValidProtocols::SNIAction(SSL &ssl, const Context & /* ctx */) const
 {
@@ -337,7 +342,6 @@ TLSValidProtocols::SNIAction(SSL &ssl, const Context & /* 
ctx */) const
       const char *servername = snis->get_sni_server_name();
       Dbg(dbg_ctl_ssl_sni, "TLSValidProtocol param 0%x, fqdn [%s]", 
static_cast<unsigned int>(this->protocol_mask), servername);
       tbs->set_valid_tls_protocols(protocol_mask, TLSValidProtocols::max_mask);
-      Warning("valid_tls_versions_in is deprecated. Use 
valid_tls_version_min_in and ivalid_tls_version_max_in instead.");
     }
   }
 
diff --git a/src/iocore/net/SNIActionPerformer.h 
b/src/iocore/net/SNIActionPerformer.h
index 314a9c56ea..a6654f3117 100644
--- a/src/iocore/net/SNIActionPerformer.h
+++ b/src/iocore/net/SNIActionPerformer.h
@@ -243,7 +243,7 @@ public:
   static const unsigned long max_mask = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | 
SSL_OP_NO_TLSv1_2;
 #endif
   TLSValidProtocols() : protocol_mask(max_mask) {}
-  TLSValidProtocols(unsigned long protocols) : unset(false), 
protocol_mask(protocols) {}
+  TLSValidProtocols(unsigned long protocols);
   TLSValidProtocols(int min_ver, int max_ver) : unset(false), 
protocol_mask(0), min_ver(min_ver), max_ver(max_ver) {}
 
   int SNIAction(SSL &ssl, const Context & /* ctx */) const override;

Reply via email to