From 28e247dbc53b95acf9cb716f99f13aadc4d38651 Mon Sep 17 00:00:00 2001
|
|
From: Bruno Silvestre <bruno.silvestre@gmail.com>
|
|
Date: Mon, 2 Jul 2018 10:31:45 -0300
|
|
Subject: [PATCH 3/3] Removing deprecated methods to select the protocol
|
|
|
|
Using TLS_method(), SSL_set_min_proto_version() and
|
|
SSL_set_max_proto_version().
|
|
---
|
|
src/context.c | 46 ++++++++++++++++++++++++++++++++++++++++++++--
|
|
1 file changed, 44 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/src/context.c b/src/context.c
|
|
index d8fc8b6..d1377f1 100644
|
|
--- a/src/context.c
|
|
+++ b/src/context.c
|
|
@@ -59,11 +59,46 @@ static int set_option_flag(const char *opt, unsigned long *flag)
|
|
return 0;
|
|
}
|
|
|
|
+#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
|
|
+
|
|
/**
|
|
* Find the protocol.
|
|
*/
|
|
-static const SSL_METHOD* str2method(const char *method)
|
|
+static const SSL_METHOD* str2method(const char *method, int *vmin, int *vmax)
|
|
{
|
|
+ if (!strcmp(method, "any") || !strcmp(method, "sslv23")) {
|
|
+ *vmin = TLS1_VERSION;
|
|
+ *vmax = TLS1_2_VERSION;
|
|
+ return TLS_method();
|
|
+ }
|
|
+ else if (!strcmp(method, "tlsv1")) {
|
|
+ *vmin = TLS1_VERSION;
|
|
+ *vmax = TLS1_VERSION;
|
|
+ return TLS_method();
|
|
+ }
|
|
+ else if (!strcmp(method, "tlsv1_1")) {
|
|
+ *vmin = TLS1_1_VERSION;
|
|
+ *vmax = TLS1_1_VERSION;
|
|
+ return TLS_method();
|
|
+ }
|
|
+ else if (!strcmp(method, "tlsv1_2")) {
|
|
+ *vmin = TLS1_2_VERSION;
|
|
+ *vmax = TLS1_2_VERSION;
|
|
+ return TLS_method();
|
|
+ }
|
|
+
|
|
+ return NULL;
|
|
+}
|
|
+
|
|
+#else
|
|
+
|
|
+/**
|
|
+ * Find the protocol.
|
|
+ */
|
|
+static const SSL_METHOD* str2method(const char *method, int *vmin, int *vmax)
|
|
+{
|
|
+ (void)vmin;
|
|
+ (void)vmax;
|
|
if (!strcmp(method, "any")) return SSLv23_method();
|
|
if (!strcmp(method, "sslv23")) return SSLv23_method(); // deprecated
|
|
if (!strcmp(method, "tlsv1")) return TLSv1_method();
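Review bot: The "any"/"sslv23" branch pins `*vmax = TLS1_2_VERSION`, so a context created with the catch-all name can never negotiate anything newer than TLS 1.2 even when the linked OpenSSL supports it, and its floor of `TLS1_VERSION` still admits TLS 1.0 and 1.1. For that branch consider `*vmax = 0;`, which SSL_CTX_set_max_proto_version() treats as "highest version the library supports", plus a short comment stating the intended floor. On the legacy `#else` path "any" still maps to SSLv23_method(), so the effective minimum may differ between the two builds unless options set elsewhere disable the older protocols. The doc comment `Find the protocol.` could also say that the function now reports the version range through vmin/vmax and leaves both untouched when it returns NULL. The legacy str2method body continues outside this hunk.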
|
|
@@ -74,6 +109,8 @@ static const SSL_METHOD* str2method(const char *method)
|
|
return NULL;
|
|
}
|
|
|
|
+#endif
|
|
+
|
|
/**
|
|
* Prepare the SSL handshake verify flag.
|
|
*/
|
|
@@ -279,9 +316,10 @@ static int create(lua_State *L)
|
|
p_context ctx;
|
|
const char *str_method;
|
|
const SSL_METHOD *method;
|
|
+ int vmin, vmax;
|
|
|
|
str_method = luaL_checkstring(L, 1);
|
|
- method = str2method(str_method);
|
|
+ method = str2method(str_method, &vmin, &vmax);
|
|
if (!method) {
|
|
lua_pushnil(L);
|
|
lua_pushfstring(L, "invalid protocol (%s)", str_method);
|
|
@@ -301,6 +339,10 @@ static int create(lua_State *L)
|
|
ERR_reason_error_string(ERR_get_error()));
|
|
return 2;
|
|
}
|
|
+#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
|
|
+ SSL_CTX_set_min_proto_version(ctx->context, vmin);
|
|
+ SSL_CTX_set_max_proto_version(ctx->context, vmax);
|
|
+#endif
|
|
ctx->mode = LSEC_MODE_INVALID;
|
|
ctx->L = L;
|
|
luaL_getmetatable(L, "SSL:Context");
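Review bot: The return values of `SSL_CTX_set_min_proto_version()` and `SSL_CTX_set_max_proto_version()` are discarded, so if either call fails the context keeps the library's default version range and the caller is never told. For a pinned request such as "tlsv1_2" that means the context could silently accept protocol versions the caller meant to exclude. Both calls return 1 on success and 0 on failure, so they should be checked and reported through the same nil-plus-message convention that create() uses for its other errors. The metatable is attached only after these lines, so the failure path probably has to release `ctx->context` itself; the allocation is outside the hunk, so confirm that before adopting the sketch below.

```c
#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
  if (!SSL_CTX_set_min_proto_version(ctx->context, vmin) ||
      !SSL_CTX_set_max_proto_version(ctx->context, vmax)) {
    /* No metatable yet, so nothing else will free the SSL_CTX (confirm against the allocation above). */
    SSL_CTX_free(ctx->context);
    ctx->context = NULL;
    lua_pushnil(L);
    lua_pushfstring(L, "error setting protocol version range (%s)", str_method);
    return 2;
  }
#endif
  /* … unchanged: ctx->mode / ctx->L initialisation and metatable setup … */
```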
|
|
--
|
|
2.19.1
|
|
|