add SetMinVersion at context level

src/internal.c

@@ -359,6 +359,7 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method)
     ctx->refCount = 1;          /* so either CTX_free or SSL_free can release */
     ctx->heap     = ctx;        /* defaults to self */
     ctx->timeout  = WOLFSSL_SESSION_TIMEOUT;
+    ctx->minDowngrade = TLSv1_MINOR;     /* current default */
 
     if (InitMutex(&ctx->countMutex) < 0) {
         WOLFSSL_MSG("Mutex error on CTX init");
@@ -1488,7 +1489,7 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
     ssl->verifyCallback    = ctx->verifyCallback;
     ssl->options.side      = ctx->method->side;
     ssl->options.downgrade    = ctx->method->downgrade;
-    ssl->options.minDowngrade = TLSv1_MINOR;     /* current default */
+    ssl->options.minDowngrade = ctx->minDowngrade;
 
     if (ssl->options.side == WOLFSSL_SERVER_END)
         ssl->options.haveDH = ctx->haveDH;

src/ssl.c

@@ -1568,6 +1568,54 @@ int wolfSSL_set_group_messages(WOLFSSL* ssl)
 }
 
 
+/* make minVersion the internal equivilant SSL version */
+static int SetMinVersionHelper(byte* minVersion, int version)
+{
+    switch (version) {
+#ifndef NO_OLD_TLS
+        case WOLFSSL_SSLV3:
+            *minVersion = SSLv3_MINOR;
+            break;
+#endif
+
+#ifndef NO_TLS
+    #ifndef NO_OLD_TLS
+        case WOLFSSL_TLSV1:
+            *minVersion = TLSv1_MINOR;
+            break;
+
+        case WOLFSSL_TLSV1_1:
+            *minVersion = TLSv1_1_MINOR;
+            break;
+    #endif
+        case WOLFSSL_TLSV1_2:
+            *minVersion = TLSv1_2_MINOR;
+            break;
+#endif
+
+        default:
+            WOLFSSL_MSG("Bad function argument");
+            return BAD_FUNC_ARG;
+    }
+
+    return SSL_SUCCESS;
+}
+
+
+/* Set minimum downgrade version allowed, SSL_SUCCESS on ok */
+int wolfSSL_CTX_SetMinVersion(WOLFSSL_CTX* ctx, int version)
+{
+    WOLFSSL_ENTER("wolfSSL_CTX_SetMinVersion");
+
+    if (ctx == NULL) {
+        WOLFSSL_MSG("Bad function argument");
+        return BAD_FUNC_ARG;
+    }
+
+    return SetMinVersionHelper(&ctx->minDowngrade, version);
+}
+
+
 /* Set minimum downgrade version allowed, SSL_SUCCESS on ok */
 int wolfSSL_SetMinVersion(WOLFSSL* ssl, int version)
 {
@@ -1578,35 +1626,7 @@ int wolfSSL_SetMinVersion(WOLFSSL* ssl, int version)
         return BAD_FUNC_ARG;
     }
 
-    switch (version) {
+    return SetMinVersionHelper(&ssl->options.minDowngrade, version);
-#ifndef NO_OLD_TLS
-        case WOLFSSL_SSLV3:
-            ssl->options.minDowngrade = SSLv3_MINOR;
-            break;
-#endif
-
-#ifndef NO_TLS
-    #ifndef NO_OLD_TLS
-        case WOLFSSL_TLSV1:
-            ssl->options.minDowngrade = TLSv1_MINOR;
-            break;
-
-        case WOLFSSL_TLSV1_1:
-            ssl->options.minDowngrade = TLSv1_1_MINOR;
-            break;
-    #endif
-        case WOLFSSL_TLSV1_2:
-            ssl->options.minDowngrade = TLSv1_2_MINOR;
-            break;
-#endif
-
-        default:
-            WOLFSSL_MSG("Bad function argument");
-            return BAD_FUNC_ARG;
-    }
-
-
-    return SSL_SUCCESS;
 }
 
 

wolfssl/internal.h

@@ -1441,6 +1441,7 @@ struct WOLFSSL_CTX {
     byte        partialWrite;     /* only one msg per write call */
     byte        quietShutdown;    /* don't send close notify */
     byte        groupMessages;    /* group handshake messages before sending */
+    byte        minDowngrade;     /* minimum downgrade version */
     CallbackIORecv CBIORecv;
     CallbackIOSend CBIOSend;
 #ifdef WOLFSSL_DTLS

wolfssl/ssl.h

@@ -1038,6 +1038,7 @@ enum {
     WOLFSSL_CHAIN_CA = 2           /* added to cache from trusted chain */
 };
 
+WOLFSSL_API int wolfSSL_CTX_SetMinVersion(WOLFSSL_CTX* ctx, int version);
 WOLFSSL_API int wolfSSL_SetMinVersion(WOLFSSL* ssl, int version);
 WOLFSSL_API int wolfSSL_GetObjectSize(void);  /* object size based on build */
 WOLFSSL_API int wolfSSL_SetVersion(WOLFSSL* ssl, int version);