
nrpe 3.0.1 allows TLSv1 and TLSv1.1 when I configure for TLSv1.2+

Fix for issue #77
John C. Frickson 9 лет назад
Родитель
Сommit
aec3eee982
3 измененных файлов с 33 добавлено и 6 удалено
  1. 1 0
      Changelog
  2. 16 3
      src/check_nrpe.c
  3. 16 3
      src/nrpe.c

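--- a/Changelog
+++ b/Changelog
@@ -18,6 +18,7 @@ FIXES
 - Off-by-one BO in my_system() (John Frickson)
 - Got rid of some compiler warnings (Stefan Krüger / John Frickson)
 - Add SOURCE_DATE_EPOCH specification support for reproducible builds. (Bas Couwenberg)
+- nrpe 3.0.1 allows TLSv1 and TLSv1.1 when I configure for TLSv1.2+ (John Frickson)
 
 
 3.0.1 - 2016-09-08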

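--- a/src/check_nrpe.c
+++ b/src/check_nrpe.c
@@ -809,10 +809,23 @@ void setup_ssl()
 			exit(STATE_CRITICAL);
 		}
 
-		if (sslprm.ssl_min_ver >= SSLv3) {
-			ssl_opts |= SSL_OP_NO_SSLv2;
-			if (sslprm.ssl_min_ver >= TLSv1)
+		switch(sslprm.ssl_min_ver) {
+			case SSLv2:
+			case SSLv2_plus:
+				break;
+			case TLSv1_2:
+			case TLSv1_2_plus:
+				ssl_opts |= SSL_OP_NO_TLSv1_1;
+			case TLSv1_1:
+			case TLSv1_1_plus:
+				ssl_opts |= SSL_OP_NO_TLSv1;
+			case TLSv1:
+			case TLSv1_plus:
 				ssl_opts |= SSL_OP_NO_SSLv3;
+			case SSLv3:
+			case SSLv3_plus:
+				ssl_opts |= SSL_OP_NO_SSLv2;
+				break;
 		}
 		SSL_CTX_set_options(ctx, ssl_opts);
 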
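Review bot: The new switch in setup_ssl depends on deliberate fall-through from the TLSv1_2 cases down through the SSLv3 cases to accumulate the SSL_OP_NO_* flags, but none of the fall-through points is marked, so a reader (and a compiler running with -Wimplicit-fallthrough) cannot distinguish the intended cascade from a forgotten `break`; add `/* fallthrough */` after each `ssl_opts |= ...` line that is meant to continue into the next group. The switch also has no `default:` arm, so any ssl_min_ver value not listed here leaves ssl_opts untouched and therefore disables no protocol version at all, which is the opposite of the fail-safe direction for a minimum-version setting; if the enum has or later gains values beyond those shown (not visible in this hunk), a `default: ssl_opts |= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3; break;` would at least keep the legacy protocols off. The same switch is duplicated in init_ssl in src/nrpe.c and should get the same two changes. setup_ssl begins and ends outside this hunk.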
 
 

+ 16 - 3
src/nrpe.c

@@ -304,10 +304,23 @@ void init_ssl(void)
 		exit(STATE_CRITICAL);
 		exit(STATE_CRITICAL);
 	}
 	}
 
 
-	if (sslprm.ssl_min_ver >= SSLv3) {
-		ssl_opts |= SSL_OP_NO_SSLv2;
-		if (sslprm.ssl_min_ver >= TLSv1)
+	switch(sslprm.ssl_min_ver) {
+		case SSLv2:
+		case SSLv2_plus:
+			break;
+		case TLSv1_2:
+		case TLSv1_2_plus:
+			ssl_opts |= SSL_OP_NO_TLSv1_1;
+		case TLSv1_1:
+		case TLSv1_1_plus:
+			ssl_opts |= SSL_OP_NO_TLSv1;
+		case TLSv1:
+		case TLSv1_plus:
 			ssl_opts |= SSL_OP_NO_SSLv3;
 			ssl_opts |= SSL_OP_NO_SSLv3;
+		case SSLv3:
+		case SSLv3_plus:
+			ssl_opts |= SSL_OP_NO_SSLv2;
+			break;
 	}
 	}
 	SSL_CTX_set_options(ctx, ssl_opts);
 	SSL_CTX_set_options(ctx, ssl_opts);