Commit 5cf1b6b5d723a36bebf161324a6f497b021ade8d
1 parent
c427a5f0
Exists in
master
and in
3 other branches
Improving ssl protocol version properties.
Showing
1 changed file
with
54 additions
and
6 deletions
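--- a/src/ssl/negotiate.c
+++ b/src/ssl/negotiate.c
@@ -137,6 +137,52 @@ int x509_store_ctx_error_callback(int ok, X509_STORE_CTX GNUC_UNUSED(*ctx))
 }
 #endif // SSL_ENABLE_CRL_CHECK
 
+static const struct ssl_protocol {
+ int id;
+ const char * description;
+} ssl_protocols[] = {
+
+ {
+ .id = SSL3_VERSION,
+ .description = "SSLv3"
+ },
+ {
+ .id = TLS1_VERSION,
+ .description = "TLSv1"
+ },
+ {
+ .id = TLS1_1_VERSION,
+ .description = "TLSv1.1"
+ },
+ {
+ .id = TLS1_2_VERSION,
+ .description = "TLSv1.2"
+ },
+ {
+ .id = DTLS1_VERSION,
+ .description = "DTLSv1"
+ },
+ {
+ .id = DTLS1_2_VERSION,
+ .description = "DTLSv2"
+ }
+
+};
+
+static const struct ssl_protocol * get_protocol_from_id(int id) {
+
+ if(id < 1)
+ return NULL;
+
+ id--;
+
+ if( ((size_t) id) > (sizeof(ssl_protocols)/sizeof(ssl_protocols[0])))
+ return NULL;
+
+ return ssl_protocols + id;
+
+}
+
 static int background_ssl_negotiation(H3270 *hSession, void *message)
 {
 int rv;
@@ -150,16 +196,18 @@ static int background_ssl_negotiation(H3270 *hSession, void *message)
 }
 
 /* Set up the TLS/SSL connection. */
- if(hSession->ssl.protocol.min_version)
+ const struct ssl_protocol * protocol;
+
+ if( (protocol = get_protocol_from_id(hSession->ssl.protocol.min_version)) != NULL )
 {
- trace_ssl(hSession,"Minimum protocol version set to %d\n",hSession->ssl.protocol.min_version);
- SSL_set_min_proto_version(hSession->ssl.con,hSession->ssl.protocol.min_version);
+ trace_ssl(hSession,"Minimum protocol version set to %s\n",protocol->description);
+ SSL_set_min_proto_version(hSession->ssl.con,protocol->id);
 }
 
- if(hSession->ssl.protocol.max_version)
+ if( (protocol = get_protocol_from_id(hSession->ssl.protocol.max_version)) != NULL )
 {
- trace_ssl(hSession,"Maximum protocol version set to %d\n",hSession->ssl.protocol.max_version);
- SSL_set_max_proto_version(hSession->ssl.con,hSession->ssl.protocol.max_version);
+ trace_ssl(hSession,"Maximum protocol version set to %s\n",protocol->description);
+ SSL_set_max_proto_version(hSession->ssl.con,protocol->id);
 }
 
 if(SSL_set_fd(hSession->ssl.con, hSession->connection.sock) != 1)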
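Review bot: The bounds check in `get_protocol_from_id` uses `>` where it needs `>=`, so an id of 7 (index 6 after the decrement) passes and the function returns a pointer one past the end of the six-entry `ssl_protocols` table, which `background_ssl_negotiation` then dereferences for `protocol->id` and `protocol->description`; the check should read `if( ((size_t) id) >= (sizeof(ssl_protocols)/sizeof(ssl_protocols[0])))`. The `min_version`/`max_version` fields are now treated as 1-based table indexes rather than OpenSSL version constants, so a caller still storing a raw constant such as `TLS1_2_VERSION` would presumably get NULL here and the session would continue with no minimum enforced and no trace line; an `else` branch that traces the rejected value would make that visible. The return values of `SSL_set_min_proto_version` and `SSL_set_max_proto_version` are ignored, so a failed call silently leaves the library defaults in place where the operator asked for a floor. The description for `DTLS1_2_VERSION` reads `"DTLSv2"` and probably should be `"DTLSv1.2"`. The body of `background_ssl_negotiation` continues outside both hunks.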