Signed-off-by: W. Michael Petullo <mike@flyn.org>lilik-openwrt-22.03
@ -1,49 +0,0 @@ | |||||
From 8212b89f1a04023b431d2fc9bc12aca02394698f Mon Sep 17 00:00:00 2001 | |||||
From: Bruno Silvestre <bruno.silvestre@gmail.com> | |||||
Date: Fri, 29 Jun 2018 14:02:39 -0300 | |||||
Subject: [PATCH 1/3] Using 'const SSL_METHOD*' | |||||
This change was introduced in OpenSSL 1.0.0. | |||||
Start dropping 0.9.8 code. | |||||
--- | |||||
src/context.c | 10 ++-------- | |||||
1 file changed, 2 insertions(+), 8 deletions(-) | |||||
diff --git a/src/context.c b/src/context.c | |||||
index a2b5ae5..b9e8cda 100644 | |||||
--- a/src/context.c | |||||
+++ b/src/context.c | |||||
@@ -29,12 +29,6 @@ | |||||
#include "ec.h" | |||||
#endif | |||||
-#if (OPENSSL_VERSION_NUMBER >= 0x1000000fL) | |||||
-typedef const SSL_METHOD LSEC_SSL_METHOD; | |||||
-#else | |||||
-typedef SSL_METHOD LSEC_SSL_METHOD; | |||||
-#endif | |||||
- | |||||
/*--------------------------- Auxiliary Functions ----------------------------*/ | |||||
/** | |||||
@@ -68,7 +62,7 @@ static int set_option_flag(const char *opt, unsigned long *flag) | |||||
/** | |||||
* Find the protocol. | |||||
*/ | |||||
-static LSEC_SSL_METHOD* str2method(const char *method) | |||||
+static const SSL_METHOD* str2method(const char *method) | |||||
{ | |||||
if (!strcmp(method, "any")) return SSLv23_method(); | |||||
if (!strcmp(method, "sslv23")) return SSLv23_method(); // deprecated | |||||
@@ -287,7 +281,7 @@ static int create(lua_State *L) | |||||
{ | |||||
p_context ctx; | |||||
const char *str_method; | |||||
- LSEC_SSL_METHOD *method; | |||||
+ const SSL_METHOD *method; | |||||
str_method = luaL_checkstring(L, 1); | |||||
method = str2method(str_method); | |||||
-- | |||||
2.19.1 | |||||
@ -1,43 +0,0 @@ | |||||
From 89bdc6148cd8cffb1483f4fc0aa14d636f8f5b4f Mon Sep 17 00:00:00 2001 | |||||
From: Bruno Silvestre <bruno.silvestre@gmail.com> | |||||
Date: Fri, 29 Jun 2018 14:06:51 -0300 | |||||
Subject: [PATCH 2/3] Removing SSLv3 support | |||||
--- | |||||
src/config.c | 5 ----- | |||||
src/context.c | 3 --- | |||||
2 files changed, 8 deletions(-) | |||||
diff --git a/src/config.c b/src/config.c | |||||
index ce74997..6939fca 100644 | |||||
--- a/src/config.c | |||||
+++ b/src/config.c | |||||
@@ -32,11 +32,6 @@ LSEC_API int luaopen_ssl_config(lua_State *L) | |||||
lua_pushstring(L, "protocols"); | |||||
lua_newtable(L); | |||||
-#ifndef OPENSSL_NO_SSL3 | |||||
- lua_pushstring(L, "sslv3"); | |||||
- lua_pushboolean(L, 1); | |||||
- lua_rawset(L, -3); | |||||
-#endif | |||||
lua_pushstring(L, "tlsv1"); | |||||
lua_pushboolean(L, 1); | |||||
lua_rawset(L, -3); | |||||
diff --git a/src/context.c b/src/context.c | |||||
index b9e8cda..d8fc8b6 100644 | |||||
--- a/src/context.c | |||||
+++ b/src/context.c | |||||
@@ -66,9 +66,6 @@ static const SSL_METHOD* str2method(const char *method) | |||||
{ | |||||
if (!strcmp(method, "any")) return SSLv23_method(); | |||||
if (!strcmp(method, "sslv23")) return SSLv23_method(); // deprecated | |||||
-#ifndef OPENSSL_NO_SSL3 | |||||
- if (!strcmp(method, "sslv3")) return SSLv3_method(); | |||||
-#endif | |||||
if (!strcmp(method, "tlsv1")) return TLSv1_method(); | |||||
#if (OPENSSL_VERSION_NUMBER >= 0x1000100fL) | |||||
if (!strcmp(method, "tlsv1_1")) return TLSv1_1_method(); | |||||
-- | |||||
2.19.1 | |||||
@ -1,98 +0,0 @@ | |||||
From 28e247dbc53b95acf9cb716f99f13aadc4d38651 Mon Sep 17 00:00:00 2001 | |||||
From: Bruno Silvestre <bruno.silvestre@gmail.com> | |||||
Date: Mon, 2 Jul 2018 10:31:45 -0300 | |||||
Subject: [PATCH 3/3] Removing deprecated methods to select the protocol | |||||
Using TLS_method(), SSL_set_min_proto_version() and | |||||
SSL_set_max_proto_version(). | |||||
--- | |||||
src/context.c | 46 ++++++++++++++++++++++++++++++++++++++++++++-- | |||||
1 file changed, 44 insertions(+), 2 deletions(-) | |||||
diff --git a/src/context.c b/src/context.c | |||||
index d8fc8b6..d1377f1 100644 | |||||
--- a/src/context.c | |||||
+++ b/src/context.c | |||||
@@ -59,11 +59,46 @@ static int set_option_flag(const char *opt, unsigned long *flag) | |||||
return 0; | |||||
} | |||||
+#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) | |||||
+ | |||||
/** | |||||
* Find the protocol. | |||||
*/ | |||||
-static const SSL_METHOD* str2method(const char *method) | |||||
+static const SSL_METHOD* str2method(const char *method, int *vmin, int *vmax) | |||||
{ | |||||
+ if (!strcmp(method, "any") || !strcmp(method, "sslv23")) { | |||||
+ *vmin = TLS1_VERSION; | |||||
+ *vmax = TLS1_2_VERSION; | |||||
+ return TLS_method(); | |||||
+ } | |||||
+ else if (!strcmp(method, "tlsv1")) { | |||||
+ *vmin = TLS1_VERSION; | |||||
+ *vmax = TLS1_VERSION; | |||||
+ return TLS_method(); | |||||
+ } | |||||
+ else if (!strcmp(method, "tlsv1_1")) { | |||||
+ *vmin = TLS1_1_VERSION; | |||||
+ *vmax = TLS1_1_VERSION; | |||||
+ return TLS_method(); | |||||
+ } | |||||
+ else if (!strcmp(method, "tlsv1_2")) { | |||||
+ *vmin = TLS1_2_VERSION; | |||||
+ *vmax = TLS1_2_VERSION; | |||||
+ return TLS_method(); | |||||
+ } | |||||
+ | |||||
+ return NULL; | |||||
+} | |||||
+ | |||||
+#else | |||||
+ | |||||
+/** | |||||
+ * Find the protocol. | |||||
+ */ | |||||
+static const SSL_METHOD* str2method(const char *method, int *vmin, int *vmax) | |||||
+{ | |||||
+ (void)vmin; | |||||
+ (void)vmax; | |||||
if (!strcmp(method, "any")) return SSLv23_method(); | |||||
if (!strcmp(method, "sslv23")) return SSLv23_method(); // deprecated | |||||
if (!strcmp(method, "tlsv1")) return TLSv1_method(); | |||||
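Review bot: In the OpenSSL >= 1.1.0 branch of str2method, "any" and "sslv23" pin `*vmax = TLS1_2_VERSION`, so a build against a library that supports a newer protocol version can never negotiate it through this binding, while `*vmin = TLS1_VERSION` keeps TLS 1.0 reachable. For the "any" case I would pass the library's own ceiling instead, `*vmax = 0;`, since 0 tells SSL_CTX_set_max_proto_version to allow up to the highest version the library supports. The chosen floor deserves a short comment stating that it is a compatibility decision. The NULL return leaves both out-parameters unwritten, which is safe only because create() tests the returned method first; a comment such as `/* vmin/vmax are written only when a method is returned */` would make that contract explicit. The pre-1.1.0 variant of the function continues past the end of this hunk.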
@@ -74,6 +109,8 @@ static const SSL_METHOD* str2method(const char *method) | |||||
return NULL; | |||||
} | |||||
+#endif | |||||
+ | |||||
/** | |||||
* Prepare the SSL handshake verify flag. | |||||
*/ | |||||
@@ -279,9 +316,10 @@ static int create(lua_State *L) | |||||
p_context ctx; | |||||
const char *str_method; | |||||
const SSL_METHOD *method; | |||||
+ int vmin, vmax; | |||||
str_method = luaL_checkstring(L, 1); | |||||
- method = str2method(str_method); | |||||
+ method = str2method(str_method, &vmin, &vmax); | |||||
if (!method) { | |||||
lua_pushnil(L); | |||||
lua_pushfstring(L, "invalid protocol (%s)", str_method); | |||||
@@ -301,6 +339,10 @@ static int create(lua_State *L) | |||||
ERR_reason_error_string(ERR_get_error())); | |||||
return 2; | |||||
} | |||||
+#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) | |||||
+ SSL_CTX_set_min_proto_version(ctx->context, vmin); | |||||
+ SSL_CTX_set_max_proto_version(ctx->context, vmax); | |||||
+#endif | |||||
ctx->mode = LSEC_MODE_INVALID; | |||||
ctx->L = L; | |||||
luaL_getmetatable(L, "SSL:Context"); | |||||
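Review bot: The two calls added after the context is created, `SSL_CTX_set_min_proto_version(ctx->context, vmin)` and `SSL_CTX_set_max_proto_version(ctx->context, vmax)`, discard their results. Both return 1 on success and 0 on failure, and on failure the context keeps the library's default version range, so a caller that asked for "tlsv1_2" only could silently get a context that accepts other versions. I would make create() fail with nil plus a message, the same way the branch just above does. The metatable is attached only after these lines, so the explicit free in the sketch below is an assumption to confirm against the rest of create(), which starts and ends outside this hunk.

```c
#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
  if (SSL_CTX_set_min_proto_version(ctx->context, vmin) != 1 ||
      SSL_CTX_set_max_proto_version(ctx->context, vmax) != 1) {
    /* confirm: no metatable/__gc is attached to ctx yet on this path */
    SSL_CTX_free(ctx->context);
    ctx->context = NULL;
    lua_pushnil(L);
    lua_pushfstring(L, "error setting protocol range (%s)", str_method);
    return 2;
  }
#endif
/* … unchanged: ctx->mode / ctx->L / metatable setup … */
```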
-- | |||||
2.19.1 | |||||