From 4130928dd2382afbbd71fcdb4d25f5032ba926bd Mon Sep 17 00:00:00 2001 From: Sahana Prasad Date: Wed, 8 Apr 2020 16:12:55 +0200 Subject: [PATCH] Fixes default tls version patch to handle default values from OpenSSL crypto policies --- stunnel-5.56-default-tls-version.patch | 20 ++++++++++++++++---- stunnel.spec | 5 ++++- 2 files changed, 20 insertions(+), 5 deletions(-) diff --git a/stunnel-5.56-default-tls-version.patch b/stunnel-5.56-default-tls-version.patch index 0f42b62..b66753e 100644 --- a/stunnel-5.56-default-tls-version.patch +++ b/stunnel-5.56-default-tls-version.patch @@ -10,9 +10,21 @@ #endif /* defined PROTOTYPES_H */ /* end of prototypes.h */ ---- stunnel-5.56/src/options.c.default-tls-version 2020-04-06 11:14:41.993334510 +0200 -+++ stunnel-5.56/src/options.c 2020-04-06 11:22:37.393391977 +0200 -@@ -3142,7 +3142,10 @@ NOEXPORT char *parse_service_option(CMD +--- stunnel-5.56/src/options.c.default-tls-version 2020-04-06 18:58:48.947214149 +0200 ++++ stunnel-5.56/src/options.c 2020-04-08 15:45:18.093520780 +0200 +@@ -3123,8 +3123,9 @@ NOEXPORT char *parse_service_option(CMD + return "Invalid protocol version"; + return NULL; /* OK */ + case CMD_INITIALIZE: +- if(section->max_proto_version && section->min_proto_version && +- section->max_proto_versionmin_proto_version) ++ if(section->max_proto_version != USE_DEFAULT_TLS_VERSION ++ && section->min_proto_version != USE_DEFAULT_TLS_VERSION ++ && section->max_proto_versionmin_proto_version) + return "Invalid protocol version range"; + break; + case CMD_PRINT_DEFAULTS: +@@ -3142,7 +3143,10 @@ NOEXPORT char *parse_service_option(CMD /* sslVersionMax */ switch(cmd) { case CMD_SET_DEFAULTS: @@ -24,7 +36,7 @@ break; case CMD_SET_COPY: section->max_proto_version=new_service_options.max_proto_version; -@@ -3173,7 +3176,10 @@ NOEXPORT char *parse_service_option(CMD +@@ -3173,7 +3177,10 @@ NOEXPORT char *parse_service_option(CMD /* sslVersionMin */ switch(cmd) { case CMD_SET_DEFAULTS: 
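Review bot: In the `CMD_INITIALIZE` case the new condition drops the zero tests that the removed lines had (`section->max_proto_version && section->min_proto_version`), so a bound of 0 is now compared like a real protocol version. If 0 is still a legal value for either option and `USE_DEFAULT_TLS_VERSION` (defined outside this hunk) is not 0, a maximum of 0 combined with an explicit minimum would be rejected as "Invalid protocol version range". Keeping the old tests beside the new ones avoids that: `if(section->max_proto_version && section->min_proto_version && section->max_proto_version != USE_DEFAULT_TLS_VERSION && section->min_proto_version != USE_DEFAULT_TLS_VERSION && section->max_proto_version<section->min_proto_version)`. Separately, the comparison is skipped whenever either bound is left at the default, so an explicit `sslVersionMax` below the minimum supplied by the crypto policy is not caught at this point; a comment such as `/* range against policy defaults is validated by OpenSSL at context setup */` would record where that case is expected to fail, if that is indeed the intent. `parse_service_option` starts and ends outside the hunk.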
diff --git a/stunnel.spec b/stunnel.spec index fb3a18f..d0da52e 100644 --- a/stunnel.spec +++ b/stunnel.spec @@ -10,7 +10,7 @@ Summary: A TLS-encrypting socket wrapper Name: stunnel Version: 5.56 -Release: 5%{?dist} +Release: 6%{?dist} License: GPLv2 URL: http://www.stunnel.org/ Source0: https://www.stunnel.org/downloads/stunnel-%{version}.tar.gz @@ -138,6 +138,9 @@ make test || (for i in tests/logs/*.log ; do echo "$i": ; cat "$i" ; done) %systemd_postun_with_restart %{name}.service %changelog +* Wed Apr 08 2020 Sahana Prasad - 5.56-6 +- Fixes default tls version patch to handle default values from OpenSSL crypto policies + * Mon Apr 06 2020 Sahana Prasad - 5.56-5 - Removes warnings caused by the patch