Commit 5cf1b6b5d723a36bebf161324a6f497b021ade8d

Authored by Perry Werneck
1 parent c427a5f0

Improving ssl protocol version properties.

Showing 1 changed file with 54 additions and 6 deletions   Show diff stats
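--- a/src/ssl/negotiate.c
+++ b/src/ssl/negotiate.c
@@ -137,6 +137,52 @@ int x509_store_ctx_error_callback(int ok, X509_STORE_CTX GNUC_UNUSED(*ctx))
 }
 #endif // SSL_ENABLE_CRL_CHECK
 
+static const struct ssl_protocol {
+ int id;
+ const char * description;
+} ssl_protocols[] = {
+
+ {
+ .id = SSL3_VERSION,
+ .description = "SSLv3"
+ },
+ {
+ .id = TLS1_VERSION,
+ .description = "TLSv1"
+ },
+ {
+ .id = TLS1_1_VERSION,
+ .description = "TLSv1.1"
+ },
+ {
+ .id = TLS1_2_VERSION,
+ .description = "TLSv1.2"
+ },
+ {
+ .id = DTLS1_VERSION,
+ .description = "DTLSv1"
+ },
+ {
+ .id = DTLS1_2_VERSION,
+ .description = "DTLSv2"
+ }
+
+};
+
+static const struct ssl_protocol * get_protocol_from_id(int id) {
+
+ if(id < 1)
+ return NULL;
+
+ id--;
+
+ if( ((size_t) id) > (sizeof(ssl_protocols)/sizeof(ssl_protocols[0])))
+ return NULL;
+
+ return ssl_protocols + id;
+
+}
+
 static int background_ssl_negotiation(H3270 *hSession, void *message)
 {
 int rv;
@@ -150,16 +196,18 @@ static int background_ssl_negotiation(H3270 *hSession, void *message)
 }
 
 /* Set up the TLS/SSL connection. */
-if(hSession->ssl.protocol.min_version)
+const struct ssl_protocol * protocol;
+
+if( (protocol = get_protocol_from_id(hSession->ssl.protocol.min_version)) != NULL )
 {
-trace_ssl(hSession,"Minimum protocol version set to %d\n",hSession->ssl.protocol.min_version);
-SSL_set_min_proto_version(hSession->ssl.con,hSession->ssl.protocol.min_version);
+trace_ssl(hSession,"Minimum protocol version set to %s\n",protocol->description);
+SSL_set_min_proto_version(hSession->ssl.con,protocol->id);
 }
 
-if(hSession->ssl.protocol.max_version)
+if( (protocol = get_protocol_from_id(hSession->ssl.protocol.max_version)) != NULL )
 {
-trace_ssl(hSession,"Maximum protocol version set to %d\n",hSession->ssl.protocol.max_version);
-SSL_set_max_proto_version(hSession->ssl.con,hSession->ssl.protocol.max_version);
+trace_ssl(hSession,"Maximum protocol version set to %s\n",protocol->description);
+SSL_set_max_proto_version(hSession->ssl.con,protocol->id);
 }
 
 if(SSL_set_fd(hSession->ssl.con, hSession->connection.sock) != 1)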
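Review bot: The bounds check in get_protocol_from_id is off by one: after `id--` it rejects only `id > count`, so an input of 7 against the six-entry table returns `ssl_protocols + 6`, one element past the end, and the caller in the second hunk then dereferences it for `->description` and `->id`. The test should read `if( ((size_t) id) >= (sizeof(ssl_protocols)/sizeof(ssl_protocols[0])))`. In the same table the `DTLS1_2_VERSION` row is labelled `"DTLSv2"`, which does not match the constant it names; `"DTLSv1.2"` would keep the trace output consistent with the other rows. A comment above the table such as `/* Looked up by (min|max)_version as a 1-based ordinal into this array; 0 leaves the library default untouched. */` would document the id mapping, since that ordinal space is the interface the properties now expose. Note that ordinal 1 selects SSLv3, so a caller-facing property can still pin the negotiation floor to a protocol that is generally considered unsafe; whether that should be rejected or merely traced is a policy decision this commit does not make.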