Commit 5cf1b6b5d723a36bebf161324a6f497b021ade8d
1 parent
c427a5f0
Improving ssl protocol version properties.
Showing
1 changed file
with
54 additions
and
6 deletions
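--- a/src/ssl/negotiate.c
+++ b/src/ssl/negotiate.c
@@ -137,6 +137,52 @@ int x509_store_ctx_error_callback(int ok, X509_STORE_CTX GNUC_UNUSED(*ctx))
 }
 #endif // SSL_ENABLE_CRL_CHECK
 
+static const struct ssl_protocol {
+	int id;
+	const char * description;
+} ssl_protocols[] = {
+
+	{
+		.id = SSL3_VERSION,
+		.description = "SSLv3"
+	},
+	{
+		.id = TLS1_VERSION,
+		.description = "TLSv1"
+	},
+	{
+		.id = TLS1_1_VERSION,
+		.description = "TLSv1.1"
+	},
+	{
+		.id = TLS1_2_VERSION,
+		.description = "TLSv1.2"
+	},
+	{
+		.id = DTLS1_VERSION,
+		.description = "DTLSv1"
+	},
+	{
+		.id = DTLS1_2_VERSION,
+		.description = "DTLSv2"
+	}
+
+};
+
+static const struct ssl_protocol * get_protocol_from_id(int id) {
+
+	if(id < 1)
+		return NULL;
+
+	id--;
+
+	if( ((size_t) id) > (sizeof(ssl_protocols)/sizeof(ssl_protocols[0])))
+		return NULL;
+
+	return ssl_protocols + id;
+
+}
+
 static int background_ssl_negotiation(H3270 *hSession, void *message)
 {
 	int rv;
@@ -150,16 +196,18 @@ static int background_ssl_negotiation(H3270 *hSession, void *message)
 	}
 
 	/* Set up the TLS/SSL connection. */
-	if(hSession->ssl.protocol.min_version)
+	const struct ssl_protocol * protocol;
+
+	if( (protocol = get_protocol_from_id(hSession->ssl.protocol.min_version)) != NULL )
 	{
-		trace_ssl(hSession,"Minimum protocol version set to %d\n",hSession->ssl.protocol.min_version);
-		SSL_set_min_proto_version(hSession->ssl.con,hSession->ssl.protocol.min_version);
+		trace_ssl(hSession,"Minimum protocol version set to %s\n",protocol->description);
+		SSL_set_min_proto_version(hSession->ssl.con,protocol->id);
 	}
 
-	if(hSession->ssl.protocol.max_version)
+	if( (protocol = get_protocol_from_id(hSession->ssl.protocol.max_version)) != NULL )
 	{
-		trace_ssl(hSession,"Maximum protocol version set to %d\n",hSession->ssl.protocol.max_version);
-		SSL_set_max_proto_version(hSession->ssl.con,hSession->ssl.protocol.max_version);
+		trace_ssl(hSession,"Maximum protocol version set to %s\n",protocol->description);
+		SSL_set_max_proto_version(hSession->ssl.con,protocol->id);
 	}
 
 	if(SSL_set_fd(hSession->ssl.con, hSession->connection.sock) != 1)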
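Review bot: The bounds check in `get_protocol_from_id` is off by one: after `id--` the valid indices are 0 to 5, but `if( ((size_t) id) > (sizeof(ssl_protocols)/sizeof(ssl_protocols[0])))` still accepts id == 6, so a min_version or max_version of 7 returns a pointer one past the end of `ssl_protocols` and both the trace and `SSL_set_*_proto_version` read past the table; change the comparison to `>=`. The return values of `SSL_set_min_proto_version` and `SSL_set_max_proto_version` are also discarded, so a version the library refuses (the DTLS ids on a stream TLS method, or SSLv3 in a build that omits it) is silently ignored while the trace claims it was applied — check them and abort the negotiation, e.g. `if(!SSL_set_min_proto_version(hSession->ssl.con,protocol->id)) { trace_ssl(hSession,"Can't set minimum protocol version %s\n",protocol->description); /* fail */ }`. The description for `DTLS1_2_VERSION` reads "DTLSv2" and should be "DTLSv1.2". Since index 1 maps to SSLv3, a configured minimum of 1 permits a protocol that is long deprecated; consider whether it should be selectable at all. background_ssl_negotiation continues outside the hunk.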