LILiK
/
openwrt-packages-dist
5
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
13596 Commits
1 Branch
46 MiB
Tree: fa86d382cb
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'fa86d382cb'
${ noResults }
openwrt-packages-dist/lang/luasec/patches/030-Removing-deprecated-met...

98 lines
2.6 KiB
Raw Normal View History

luasec: Update to 0.7 Switched to codeload to keep a sane source name. Backported a few useful patches. Signed-off-by: Rosen Penev <rosenp@gmail.com>
6 years ago
 
  1. From 28e247dbc53b95acf9cb716f99f13aadc4d38651 Mon Sep 17 00:00:00 2001
  2. From: Bruno Silvestre <bruno.silvestre@gmail.com>
  3. Date: Mon, 2 Jul 2018 10:31:45 -0300
  4. Subject: [PATCH 3/3] Removing deprecated methods to select the protocol
  5. 

  6. Using TLS_method(), SSL_set_min_proto_version() and
  7. SSL_set_max_proto_version().
  8. ---

  9.  src/context.c | 46 ++++++++++++++++++++++++++++++++++++++++++++--
  10.  1 file changed, 44 insertions(+), 2 deletions(-)
  11. 

  12. diff --git a/src/context.c b/src/context.c

  13. index d8fc8b6..d1377f1 100644

  14. --- a/src/context.c

  15. +++ b/src/context.c

  16. @@ -59,11 +59,46 @@ static int set_option_flag(const char *opt, unsigned long *flag)

  17.    return 0;
  18.  }
  19.  
  20. +#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)

  21. +

  22.  /**
  23.   * Find the protocol.
  24.   */
  25. -static const SSL_METHOD* str2method(const char *method)

  26. +static const SSL_METHOD* str2method(const char *method, int *vmin, int *vmax)

  27.  {
  28. +  if (!strcmp(method, "any") || !strcmp(method, "sslv23")) {

  29. +    *vmin = TLS1_VERSION;

  30. +    *vmax = TLS1_2_VERSION;

  31. +    return TLS_method();

  32. +  }

  33. +  else if (!strcmp(method, "tlsv1")) {

  34. +    *vmin = TLS1_VERSION;

  35. +    *vmax = TLS1_VERSION;

  36. +    return TLS_method();

  37. +  }

  38. +  else if (!strcmp(method, "tlsv1_1")) {

  39. +    *vmin = TLS1_1_VERSION;

  40. +    *vmax = TLS1_1_VERSION;

  41. +    return TLS_method();

  42. +  }

  43. +  else if (!strcmp(method, "tlsv1_2")) {

  44. +    *vmin = TLS1_2_VERSION;

  45. +    *vmax = TLS1_2_VERSION;

  46. +    return TLS_method();

  47. +  }

  48. +

  49. +  return NULL;

  50. +}

  51. +

  52. +#else

  53. +

  54. +/**

  55. + * Find the protocol.

  56. + */

  57. +static const SSL_METHOD* str2method(const char *method, int *vmin, int *vmax)

  58. +{

  59. +  (void)vmin;

  60. +  (void)vmax;

  61.    if (!strcmp(method, "any"))     return SSLv23_method();
  62.    if (!strcmp(method, "sslv23"))  return SSLv23_method();  // deprecated
  63.    if (!strcmp(method, "tlsv1"))   return TLSv1_method();
  64. @@ -74,6 +109,8 @@ static const SSL_METHOD* str2method(const char *method)

  65.    return NULL;
  66.  }
  67.  
  68. +#endif

  69. +

  70.  /**
  71.   * Prepare the SSL handshake verify flag.
  72.   */
  73. @@ -279,9 +316,10 @@ static int create(lua_State *L)

  74.    p_context ctx;
  75.    const char *str_method;
  76.    const SSL_METHOD *method;
  77. +  int vmin, vmax;

  78.  
  79.    str_method = luaL_checkstring(L, 1);
  80. -  method = str2method(str_method);

  81. +  method = str2method(str_method, &vmin, &vmax);

  82.    if (!method) {
  83.      lua_pushnil(L);
  84.      lua_pushfstring(L, "invalid protocol (%s)", str_method);
  85. @@ -301,6 +339,10 @@ static int create(lua_State *L)

  86.        ERR_reason_error_string(ERR_get_error()));
  87.      return 2;
  88.    }
  89. +#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)

  90. +  SSL_CTX_set_min_proto_version(ctx->context, vmin);

  91. +  SSL_CTX_set_max_proto_version(ctx->context, vmax);

  92. +#endif

  93.    ctx->mode = LSEC_MODE_INVALID;
  94.    ctx->L = L;
  95.    luaL_getmetatable(L, "SSL:Context");
  96. -- 

  97. 2.19.1
  98.