
From 28e247dbc53b95acf9cb716f99f13aadc4d38651 Mon Sep 17 00:00:00 2001
From: Bruno Silvestre <bruno.silvestre@gmail.com>
Date: Mon, 2 Jul 2018 10:31:45 -0300
Subject: [PATCH 3/3] Removing deprecated methods to select the protocol
Using TLS_method(), SSL_set_min_proto_version() and
SSL_set_max_proto_version().
---
src/context.c | 46 ++++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 44 insertions(+), 2 deletions(-)
diff --git a/src/context.c b/src/context.c
index d8fc8b6..d1377f1 100644
--- a/src/context.c
+++ b/src/context.c
@@ -59,11 +59,46 @@ static int set_option_flag(const char *opt, unsigned long *flag)
return 0;
}
+#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
+
/**
* Find the protocol.
*/
-static const SSL_METHOD* str2method(const char *method)
+static const SSL_METHOD* str2method(const char *method, int *vmin, int *vmax)
{
+ if (!strcmp(method, "any") || !strcmp(method, "sslv23")) {
+ *vmin = TLS1_VERSION;
+ *vmax = TLS1_2_VERSION;
+ return TLS_method();
+ }
+ else if (!strcmp(method, "tlsv1")) {
+ *vmin = TLS1_VERSION;
+ *vmax = TLS1_VERSION;
+ return TLS_method();
+ }
+ else if (!strcmp(method, "tlsv1_1")) {
+ *vmin = TLS1_1_VERSION;
+ *vmax = TLS1_1_VERSION;
+ return TLS_method();
+ }
+ else if (!strcmp(method, "tlsv1_2")) {
+ *vmin = TLS1_2_VERSION;
+ *vmax = TLS1_2_VERSION;
+ return TLS_method();
+ }
+
+ return NULL;
+}
+
+#else
+
+/**
+ * Find the protocol.
+ */
+static const SSL_METHOD* str2method(const char *method, int *vmin, int *vmax)
+{
+ (void)vmin;
+ (void)vmax;
if (!strcmp(method, "any")) return SSLv23_method();
if (!strcmp(method, "sslv23")) return SSLv23_method(); // deprecated
if (!strcmp(method, "tlsv1")) return TLSv1_method();
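Review bot: The "any"/"sslv23" branch of the new str2method pins `*vmax = TLS1_2_VERSION;`, so on a library build that supports a newer TLS version an "any" context will never negotiate above TLS 1.2, whereas the SSLv23_method() it replaces imposed no ceiling. SSL_CTX_set_max_proto_version() treats 0 as "highest version supported by the library", so `*vmax = 0;` in that branch keeps the old "newest available" semantics without naming a version constant that may not exist at compile time. The same branch keeps TLS 1.0 as the floor via `*vmin = TLS1_VERSION;`, which matches the previous behaviour but is worth stating in the header comment, since "any" is presumably the default callers reach for: `/* "any"/"sslv23": TLS 1.0 and up; select a tlsv1_* name for a stricter floor. vmin/vmax are only written on success. */`. The Doxygen comment "Find the protocol." should also document that vmin and vmax are output parameters left untouched when NULL is returned.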
@@ -74,6 +109,8 @@ static const SSL_METHOD* str2method(const char *method)
return NULL;
}
+#endif
+
/**
* Prepare the SSL handshake verify flag.
*/
@@ -279,9 +316,10 @@ static int create(lua_State *L)
p_context ctx;
const char *str_method;
const SSL_METHOD *method;
+ int vmin, vmax;
str_method = luaL_checkstring(L, 1);
- method = str2method(str_method);
+ method = str2method(str_method, &vmin, &vmax);
if (!method) {
lua_pushnil(L);
lua_pushfstring(L, "invalid protocol (%s)", str_method);
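Review bot: `int vmin, vmax;` is declared uninitialized and is only assigned inside str2method's non-NULL branches, so any future method name that returns a method without writing both out-parameters would feed indeterminate values to SSL_CTX_set_min_proto_version(). Initializing at the declaration, `int vmin = 0, vmax = 0;`, costs nothing and makes 0 ("no bound" for the proto-version setters) the documented fallback. create()'s body starts and continues outside this hunk.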
@@ -301,6 +339,10 @@ static int create(lua_State *L)
ERR_reason_error_string(ERR_get_error()));
return 2;
}
+#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
+ SSL_CTX_set_min_proto_version(ctx->context, vmin);
+ SSL_CTX_set_max_proto_version(ctx->context, vmax);
+#endif
ctx->mode = LSEC_MODE_INVALID;
ctx->L = L;
luaL_getmetatable(L, "SSL:Context");
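Review bot: The return values of SSL_CTX_set_min_proto_version() and SSL_CTX_set_max_proto_version() are discarded; both return 1 on success and 0 when the requested version cannot be set (for example a version compiled out of the library), so a failure here silently leaves the context with a protocol range other than the one the caller asked for. The function already has an error path a few lines above that pushes nil plus a message and returns 2, so the same shape should apply to these two calls. create()'s body starts outside this hunk, and whether the partially built ctx needs explicit release on this new error path depends on code not shown here.
```c
/* … unchanged: context creation and its existing error path … */
#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
  if (!SSL_CTX_set_min_proto_version(ctx->context, vmin) ||
      !SSL_CTX_set_max_proto_version(ctx->context, vmax)) {
    lua_pushnil(L);
    lua_pushfstring(L, "error setting protocol version (%s)", str_method);
    return 2;
  }
#endif
/* … unchanged: mode/L assignment and metatable setup … */
```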
--
2.19.1