Commit 5cf1b6b5d723a36bebf161324a6f497b021ade8d
1 parent
c427a5f0
Exists in
master
and in
3 other branches
Improving ssl protocol version properties.
Showing
1 changed file
with
54 additions
and
6 deletions
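--- a/src/ssl/negotiate.c
+++ b/src/ssl/negotiate.c
@@ -137,6 +137,52 @@ int x509_store_ctx_error_callback(int ok, X509_STORE_CTX GNUC_UNUSED(*ctx))
 }
 #endif // SSL_ENABLE_CRL_CHECK
 
+static const struct ssl_protocol {
+ int id;
+ const char * description;
+} ssl_protocols[] = {
+
+ {
+ .id = SSL3_VERSION,
+ .description = "SSLv3"
+ },
+ {
+ .id = TLS1_VERSION,
+ .description = "TLSv1"
+ },
+ {
+ .id = TLS1_1_VERSION,
+ .description = "TLSv1.1"
+ },
+ {
+ .id = TLS1_2_VERSION,
+ .description = "TLSv1.2"
+ },
+ {
+ .id = DTLS1_VERSION,
+ .description = "DTLSv1"
+ },
+ {
+ .id = DTLS1_2_VERSION,
+ .description = "DTLSv2"
+ }
+
+};
+
+static const struct ssl_protocol * get_protocol_from_id(int id) {
+
+ if(id < 1)
+ return NULL;
+
+ id--;
+
+ if( ((size_t) id) > (sizeof(ssl_protocols)/sizeof(ssl_protocols[0])))
+ return NULL;
+
+ return ssl_protocols + id;
+
+}
+
 static int background_ssl_negotiation(H3270 *hSession, void *message)
 {
 int rv;
@@ -150,16 +196,18 @@ static int background_ssl_negotiation(H3270 *hSession, void *message)
 }
 
 /* Set up the TLS/SSL connection. */
- if(hSession->ssl.protocol.min_version)
+ const struct ssl_protocol * protocol;
+
+ if( (protocol = get_protocol_from_id(hSession->ssl.protocol.min_version)) != NULL )
 {
- trace_ssl(hSession,"Minimum protocol version set to %d\n",hSession->ssl.protocol.min_version);
- SSL_set_min_proto_version(hSession->ssl.con,hSession->ssl.protocol.min_version);
+ trace_ssl(hSession,"Minimum protocol version set to %s\n",protocol->description);
+ SSL_set_min_proto_version(hSession->ssl.con,protocol->id);
 }
 
- if(hSession->ssl.protocol.max_version)
+ if( (protocol = get_protocol_from_id(hSession->ssl.protocol.max_version)) != NULL )
 {
- trace_ssl(hSession,"Maximum protocol version set to %d\n",hSession->ssl.protocol.max_version);
- SSL_set_max_proto_version(hSession->ssl.con,hSession->ssl.protocol.max_version);
+ trace_ssl(hSession,"Maximum protocol version set to %s\n",protocol->description);
+ SSL_set_max_proto_version(hSession->ssl.con,protocol->id);
 }
 
 if(SSL_set_fd(hSession->ssl.con, hSession->connection.sock) != 1)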
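Review bot: The bounds check in `get_protocol_from_id` is off by one: after `id--`, an index equal to the element count (a configured value of 7) passes the `>` comparison, so the function returns a pointer one past the end of `ssl_protocols`, and the caller then reads `description` and `id` through it. The test should use `>=`, i.e. `if( ((size_t) id) >= (sizeof(ssl_protocols)/sizeof(ssl_protocols[0])) ) return NULL;`. In the second hunk a NULL result silently skips `SSL_set_min_proto_version`, so a non-zero `min_version` that does not map to a table entry (presumably including a raw OpenSSL version constant, which the old code passed through directly) leaves the connection with no configured minimum; tracing or failing the negotiation in that case would avoid the fail-open path. The return values of `SSL_set_min_proto_version` and `SSL_set_max_proto_version` are still ignored, and the `"DTLSv2"` label for `DTLS1_2_VERSION` looks like it should read `"DTLSv1.2"`. The body of `background_ssl_negotiation` continues outside the hunks shown.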