Signed-off-by: W. Michael Petullo <mike@flyn.org>lilik-openwrt-22.03
@ -1,49 +0,0 @@ | |||
From 8212b89f1a04023b431d2fc9bc12aca02394698f Mon Sep 17 00:00:00 2001 | |||
From: Bruno Silvestre <bruno.silvestre@gmail.com> | |||
Date: Fri, 29 Jun 2018 14:02:39 -0300 | |||
Subject: [PATCH 1/3] Using 'const SSL_METHOD*' | |||
This change was introduced in OpenSSL 1.0.0. | |||
Start droping 0.9.8 code. | |||
--- | |||
src/context.c | 10 ++-------- | |||
1 file changed, 2 insertions(+), 8 deletions(-) | |||
diff --git a/src/context.c b/src/context.c | |||
index a2b5ae5..b9e8cda 100644 | |||
--- a/src/context.c | |||
+++ b/src/context.c | |||
@@ -29,12 +29,6 @@ | |||
#include "ec.h" | |||
#endif | |||
-#if (OPENSSL_VERSION_NUMBER >= 0x1000000fL) | |||
-typedef const SSL_METHOD LSEC_SSL_METHOD; | |||
-#else | |||
-typedef SSL_METHOD LSEC_SSL_METHOD; | |||
-#endif | |||
- | |||
/*--------------------------- Auxiliary Functions ----------------------------*/ | |||
/** | |||
@@ -68,7 +62,7 @@ static int set_option_flag(const char *opt, unsigned long *flag) | |||
/** | |||
* Find the protocol. | |||
*/ | |||
-static LSEC_SSL_METHOD* str2method(const char *method) | |||
+static const SSL_METHOD* str2method(const char *method) | |||
{ | |||
if (!strcmp(method, "any")) return SSLv23_method(); | |||
if (!strcmp(method, "sslv23")) return SSLv23_method(); // deprecated | |||
@@ -287,7 +281,7 @@ static int create(lua_State *L) | |||
{ | |||
p_context ctx; | |||
const char *str_method; | |||
- LSEC_SSL_METHOD *method; | |||
+ const SSL_METHOD *method; | |||
str_method = luaL_checkstring(L, 1); | |||
method = str2method(str_method); | |||
-- | |||
2.19.1 | |||
@ -1,43 +0,0 @@ | |||
From 89bdc6148cd8cffb1483f4fc0aa14d636f8f5b4f Mon Sep 17 00:00:00 2001 | |||
From: Bruno Silvestre <bruno.silvestre@gmail.com> | |||
Date: Fri, 29 Jun 2018 14:06:51 -0300 | |||
Subject: [PATCH 2/3] Removing SSLv3 support | |||
--- | |||
src/config.c | 5 ----- | |||
src/context.c | 3 --- | |||
2 files changed, 8 deletions(-) | |||
diff --git a/src/config.c b/src/config.c | |||
index ce74997..6939fca 100644 | |||
--- a/src/config.c | |||
+++ b/src/config.c | |||
@@ -32,11 +32,6 @@ LSEC_API int luaopen_ssl_config(lua_State *L) | |||
lua_pushstring(L, "protocols"); | |||
lua_newtable(L); | |||
-#ifndef OPENSSL_NO_SSL3 | |||
- lua_pushstring(L, "sslv3"); | |||
- lua_pushboolean(L, 1); | |||
- lua_rawset(L, -3); | |||
-#endif | |||
lua_pushstring(L, "tlsv1"); | |||
lua_pushboolean(L, 1); | |||
lua_rawset(L, -3); | |||
diff --git a/src/context.c b/src/context.c | |||
index b9e8cda..d8fc8b6 100644 | |||
--- a/src/context.c | |||
+++ b/src/context.c | |||
@@ -66,9 +66,6 @@ static const SSL_METHOD* str2method(const char *method) | |||
{ | |||
if (!strcmp(method, "any")) return SSLv23_method(); | |||
if (!strcmp(method, "sslv23")) return SSLv23_method(); // deprecated | |||
-#ifndef OPENSSL_NO_SSL3 | |||
- if (!strcmp(method, "sslv3")) return SSLv3_method(); | |||
-#endif | |||
if (!strcmp(method, "tlsv1")) return TLSv1_method(); | |||
#if (OPENSSL_VERSION_NUMBER >= 0x1000100fL) | |||
if (!strcmp(method, "tlsv1_1")) return TLSv1_1_method(); | |||
-- | |||
2.19.1 | |||
@ -1,98 +0,0 @@ | |||
From 28e247dbc53b95acf9cb716f99f13aadc4d38651 Mon Sep 17 00:00:00 2001 | |||
From: Bruno Silvestre <bruno.silvestre@gmail.com> | |||
Date: Mon, 2 Jul 2018 10:31:45 -0300 | |||
Subject: [PATCH 3/3] Removing deprecated methods to select the protocol | |||
Using TLS_method(), SSL_set_min_proto_version() and | |||
SSL_set_max_proto_version(). | |||
--- | |||
src/context.c | 46 ++++++++++++++++++++++++++++++++++++++++++++-- | |||
1 file changed, 44 insertions(+), 2 deletions(-) | |||
diff --git a/src/context.c b/src/context.c | |||
index d8fc8b6..d1377f1 100644 | |||
--- a/src/context.c | |||
+++ b/src/context.c | |||
@@ -59,11 +59,46 @@ static int set_option_flag(const char *opt, unsigned long *flag) | |||
return 0; | |||
} | |||
+#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) | |||
+ | |||
/** | |||
* Find the protocol. | |||
*/ | |||
-static const SSL_METHOD* str2method(const char *method) | |||
+static const SSL_METHOD* str2method(const char *method, int *vmin, int *vmax) | |||
{ | |||
+ if (!strcmp(method, "any") || !strcmp(method, "sslv23")) { | |||
+ *vmin = TLS1_VERSION; | |||
+ *vmax = TLS1_2_VERSION; | |||
+ return TLS_method(); | |||
+ } | |||
+ else if (!strcmp(method, "tlsv1")) { | |||
+ *vmin = TLS1_VERSION; | |||
+ *vmax = TLS1_VERSION; | |||
+ return TLS_method(); | |||
+ } | |||
+ else if (!strcmp(method, "tlsv1_1")) { | |||
+ *vmin = TLS1_1_VERSION; | |||
+ *vmax = TLS1_1_VERSION; | |||
+ return TLS_method(); | |||
+ } | |||
+ else if (!strcmp(method, "tlsv1_2")) { | |||
+ *vmin = TLS1_2_VERSION; | |||
+ *vmax = TLS1_2_VERSION; | |||
+ return TLS_method(); | |||
+ } | |||
+ | |||
+ return NULL; | |||
+} | |||
+ | |||
+#else | |||
+ | |||
+/** | |||
+ * Find the protocol. | |||
+ */ | |||
+static const SSL_METHOD* str2method(const char *method, int *vmin, int *vmax) | |||
+{ | |||
+ (void)vmin; | |||
+ (void)vmax; | |||
if (!strcmp(method, "any")) return SSLv23_method(); | |||
if (!strcmp(method, "sslv23")) return SSLv23_method(); // deprecated | |||
if (!strcmp(method, "tlsv1")) return TLSv1_method(); | |||
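Review bot: In the OpenSSL >= 1.1.0 variant of `str2method`, the "any"/"sslv23" case sets `*vmax = TLS1_2_VERSION`, so a caller asking for the widest range is capped at TLS 1.2 and cannot negotiate TLS 1.3 even when the linked library offers it. OpenSSL treats 0 as "highest version supported by the library", so `*vmax = 0;` would keep "any" open-ended. The same case sets `*vmin = TLS1_VERSION`, which leaves TLS 1.0 and 1.1 enabled by default; if that floor is intentional for compatibility, a short comment saying so would help the next reader. The `#else` variant of the function continues past the end of this hunk.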
@@ -74,6 +109,8 @@ static const SSL_METHOD* str2method(const char *method) | |||
return NULL; | |||
} | |||
+#endif | |||
+ | |||
/** | |||
* Prepare the SSL handshake verify flag. | |||
*/ | |||
@@ -279,9 +316,10 @@ static int create(lua_State *L) | |||
p_context ctx; | |||
const char *str_method; | |||
const SSL_METHOD *method; | |||
+ int vmin, vmax; | |||
str_method = luaL_checkstring(L, 1); | |||
- method = str2method(str_method); | |||
+ method = str2method(str_method, &vmin, &vmax); | |||
if (!method) { | |||
lua_pushnil(L); | |||
lua_pushfstring(L, "invalid protocol (%s)", str_method); | |||
@@ -301,6 +339,10 @@ static int create(lua_State *L) | |||
ERR_reason_error_string(ERR_get_error())); | |||
return 2; | |||
} | |||
+#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) | |||
+ SSL_CTX_set_min_proto_version(ctx->context, vmin); | |||
+ SSL_CTX_set_max_proto_version(ctx->context, vmax); | |||
+#endif | |||
ctx->mode = LSEC_MODE_INVALID; | |||
ctx->L = L; | |||
luaL_getmetatable(L, "SSL:Context"); | |||
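Review bot: The return values of `SSL_CTX_set_min_proto_version()` and `SSL_CTX_set_max_proto_version()` are discarded; both return 0 on failure, in which case the context silently keeps the library's default version range instead of the one the caller named. Because the protocol string is the caller's security policy, a failure here should be reported the way the earlier error paths in `create` do, by pushing nil and a message and returning 2. The metatable is only fetched after this point, so presumably no `__gc` handler would release the context yet and the error path should call `SSL_CTX_free()` itself. Confirm that against the rest of `create`, which starts and ends outside this hunk.

```c
#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
  if (!SSL_CTX_set_min_proto_version(ctx->context, vmin) ||
      !SSL_CTX_set_max_proto_version(ctx->context, vmax)) {
    /* Do not hand back a context whose version range differs from the request. */
    SSL_CTX_free(ctx->context);
    lua_pushnil(L);
    lua_pushfstring(L, "error setting protocol version range (%s)", str_method);
    return 2;
  }
#endif
  /* … unchanged: ctx->mode, ctx->L, metatable setup … */
```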
-- | |||
2.19.1 | |||