From 28e247dbc53b95acf9cb716f99f13aadc4d38651 Mon Sep 17 00:00:00 2001
From: Bruno Silvestre
Date: Mon, 2 Jul 2018 10:31:45 -0300
Subject: [PATCH 3/3] Removing deprecated methods to select the protocol

Using TLS_method(), SSL_set_min_proto_version() and SSL_set_max_proto_version().
---
 src/context.c | 46 ++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 44 insertions(+), 2 deletions(-)

diff --git a/src/context.c b/src/context.c
index d8fc8b6..d1377f1 100644
--- a/src/context.c
+++ b/src/context.c
@@ -59,11 +59,46 @@ static int set_option_flag(const char *opt, unsigned long *flag)
 return 0;
 }

+#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
+
 /**
 * Find the protocol.
 */
-static const SSL_METHOD* str2method(const char *method)
+static const SSL_METHOD* str2method(const char *method, int *vmin, int *vmax)
 {
+ if (!strcmp(method, "any") || !strcmp(method, "sslv23")) {
+ *vmin = TLS1_VERSION;
+ *vmax = TLS1_2_VERSION;
+ return TLS_method();
+ }
+ else if (!strcmp(method, "tlsv1")) {
+ *vmin = TLS1_VERSION;
+ *vmax = TLS1_VERSION;
+ return TLS_method();
+ }
+ else if (!strcmp(method, "tlsv1_1")) {
+ *vmin = TLS1_1_VERSION;
+ *vmax = TLS1_1_VERSION;
+ return TLS_method();
+ }
+ else if (!strcmp(method, "tlsv1_2")) {
+ *vmin = TLS1_2_VERSION;
+ *vmax = TLS1_2_VERSION;
+ return TLS_method();
+ }
+
+ return NULL;
+}
+
+#else
+
+/**
+ * Find the protocol.
+ */
+static const SSL_METHOD* str2method(const char *method, int *vmin, int *vmax)
+{
+ (void)vmin;
+ (void)vmax;
 if (!strcmp(method, "any")) return SSLv23_method();
 if (!strcmp(method, "sslv23")) return SSLv23_method(); // deprecated
 if (!strcmp(method, "tlsv1")) return TLSv1_method();
@@ -74,6 +109,8 @@ static const SSL_METHOD* str2method(const char *method)
 return NULL;
 }

+#endif
+
 /**
 * Prepare the SSL handshake verify flag.
 */
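Review bot: In the new OpenSSL 1.1.0+ str2method, the `any`/`sslv23` branch pins `*vmax = TLS1_2_VERSION`, so once the linked library supports a newer TLS version, "any" will never negotiate it, whereas the SSLv23_method() it replaces negotiated up to whatever the library supported. If "any" is meant to keep that "highest available" meaning, the documented value for no upper bound is zero, i.e. `*vmax = 0;` in that branch; if the fixed ceiling is deliberate, a one-line comment next to it stating why would keep the next maintainer from "fixing" it. The single-version branches (`tlsv1`, `tlsv1_1`, `tlsv1_2`) are not affected. The `#else` branch and the old `if` chain continue into the next hunk.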
@@ -279,9 +316,10 @@ static int create(lua_State *L)
 p_context ctx;
 const char *str_method;
 const SSL_METHOD *method;
+ int vmin, vmax;

 str_method = luaL_checkstring(L, 1);
- method = str2method(str_method);
+ method = str2method(str_method, &vmin, &vmax);
 if (!method) {
 lua_pushnil(L);
 lua_pushfstring(L, "invalid protocol (%s)", str_method);
@@ -301,6 +339,10 @@ static int create(lua_State *L)
 ERR_reason_error_string(ERR_get_error()));
 return 2;
 }
+#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
+ SSL_CTX_set_min_proto_version(ctx->context, vmin);
+ SSL_CTX_set_max_proto_version(ctx->context, vmax);
+#endif
 ctx->mode = LSEC_MODE_INVALID;
 ctx->L = L;
 luaL_getmetatable(L, "SSL:Context");
-- 
2.19.1
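Review bot: The return values of SSL_CTX_set_min_proto_version() and SSL_CTX_set_max_proto_version() are discarded in the new `#if` block of the second hunk; both return 0 when the requested version cannot be applied (for instance a library built without that protocol), and in that case the context silently keeps OpenSSL's default range, so a caller that asked for `tlsv1_2` may end up with a wider set of versions than it requested. The surrounding create() already reports failures with lua_pushnil/lua_pushfstring and `return 2`, so the same pattern fits here. The body of create() continues outside the hunk; if its later error paths release ctx->context before returning, this path should do the same.
```c
#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
  /* Refuse to hand back a context whose version bounds differ from what was asked for. */
  if (!SSL_CTX_set_min_proto_version(ctx->context, vmin) ||
      !SSL_CTX_set_max_proto_version(ctx->context, vmax)) {
    lua_pushnil(L);
    lua_pushfstring(L, "error setting protocol version (%s)", str_method);
    return 2;
  }
#endif
  /* … unchanged: ctx->mode / ctx->L setup and metatable … */
```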