Commit 5fa65443d10de8f7c1edf537d22cf42d51098912
1 parent
d4ccf7cc
Exists in
master
and in
3 other branches
Implementing property to get/set the min/max ssl supported protocol
version.
Showing
4 changed files
with
33 additions
and
21 deletions
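--- a/src/core/properties/signed.c
+++ b/src/core/properties/signed.c
@@ -49,42 +49,42 @@
 return (int) lib3270_get_ssl_state(hSession);
 }
 
-static int lib3270_set_ssl_minimum_supported_version(H3270 *hSession, int value)
+static int lib3270_set_ssl_minimum_protocol_version(H3270 *hSession, int value)
 {
 #ifdef HAVE_LIBSSL
 FAIL_IF_ONLINE(hSession);
-hSession->ssl.supported_version.minimum = value;
+hSession->ssl.protocol.min_version = value;
 return 0;
 #else
 return ENOTSUP;
 #endif // HAVE_LIBSSL
 }
 
-static int lib3270_set_ssl_maximum_supported_version(H3270 *hSession, int value)
+static int lib3270_set_ssl_maximum_protocol_version(H3270 *hSession, int value)
 {
 #ifdef HAVE_LIBSSL
 FAIL_IF_ONLINE(hSession);
-hSession->ssl.supported_version.maximum = value;
+hSession->ssl.protocol.max_version = value;
 return 0;
 #else
 return ENOTSUP;
 #endif // HAVE_LIBSSL
 }
 
-static int lib3270_get_ssl_minimum_supported_version(const H3270 *hSession)
+static int lib3270_get_ssl_minimum_protocol_version(const H3270 *hSession)
 {
 #ifdef HAVE_LIBSSL
-return hSession->ssl.supported_version.minimum;
+return hSession->ssl.protocol.min_version;
 #else
 errno = ENOTSUP;
 return 0;
 #endif // HAVE_LIBSSL
 }
 
-static int lib3270_get_ssl_maximum_supported_version(const H3270 *hSession)
+static int lib3270_get_ssl_maximum_protocol_version(const H3270 *hSession)
 {
 #ifdef HAVE_LIBSSL
-return hSession->ssl.supported_version.maximum;
+return hSession->ssl.protocol.max_version;
 #else
 errno = ENOTSUP;
 return 0;
@@ -118,19 +118,19 @@
 },
 
 {
-.name = "ssl_minimum_version", // Property name.
-.description = N_( "ID of the minimum supported SSL version" ), // Property description.
+.name = "ssl_min_protocol_version", // Property name.
+.description = N_( "ID of the minimum supported SSL protocol version" ), // Property description.
 .default_value = 0,
-.get = lib3270_get_ssl_minimum_supported_version, // Get value.
-.set = lib3270_set_ssl_minimum_supported_version // Set value.
+.get = lib3270_get_ssl_minimum_protocol_version, // Get value.
+.set = lib3270_set_ssl_minimum_protocol_version // Set value.
 },
 
 {
-.name = "ssl_maximum_version", // Property name.
-.description = N_( "ID of the maximum supported SSL version" ), // Property description.
+.name = "ssl_max_protocol_version", // Property name.
+.description = N_( "ID of the maximum supported SSL protocol version" ), // Property description.
 .default_value = 0,
-.get = lib3270_get_ssl_maximum_supported_version, // Get value.
-.set = lib3270_set_ssl_maximum_supported_version // Set value.
+.get = lib3270_get_ssl_maximum_protocol_version, // Get value.
+.set = lib3270_set_ssl_maximum_protocol_version // Set value.
 },
 
 {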
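Review bot: Both setters store `value` without any validation, so a negative number, an ID that is not a protocol version, or a minimum above the configured maximum is accepted and returns 0; the mistake surfaces, if at all, only when negotiate.c hands the value to OpenSSL. Consider rejecting bad input at set time, e.g. in the minimum setter `if(value < 0 || (hSession->ssl.protocol.max_version && value > hSession->ssl.protocol.max_version)) return EINVAL;`, with the mirrored check in the maximum setter. The property descriptions should also say that the ID is the OpenSSL protocol version constant (the value is passed unchanged to `SSL_set_min_proto_version`/`SSL_set_max_proto_version`) and that 0 leaves the library default in place. The rename from `ssl_minimum_version` to `ssl_min_protocol_version` presumably orphans any setting saved under the old name, which would silently drop a configured floor; worth confirming against the callers.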
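--- a/src/core/session.c
+++ b/src/core/session.c
@@ -411,8 +411,8 @@ H3270 * lib3270_session_new(const char *model)
 hSession->id = 0;
 
 #ifdef HAVE_LIBSSL
-hSession->ssl.supported_version.minimum = 0;
-hSession->ssl.supported_version.maximum = 0;
+hSession->ssl.protocol.min_version = 0;
+hSession->ssl.protocol.max_version = 0;
 #endif // HAVE_LIBSSL
 
 #ifdef SSL_ENABLE_CRL_CHECK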
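--- a/src/include/internals.h
+++ b/src/include/internals.h
@@ -665,9 +665,9 @@ struct _h3270
 
 struct
 {
-int minimum; ///< @brief The minimum supported protocol version.
-int maximum; ///< @brief The maximum supported protocol version.
-} supported_version;
+int min_version; ///< @brief The minimum supported protocol version.
+int max_version; ///< @brief The maximum supported protocol version.
+} protocol;
 
 #ifdef SSL_ENABLE_CRL_CHECK
 struct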
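--- a/src/ssl/negotiate.c
+++ b/src/ssl/negotiate.c
@@ -150,6 +150,18 @@ static int background_ssl_negotiation(H3270 *hSession, void *message)
 }
 
 /* Set up the TLS/SSL connection. */
+if(hSession->ssl.protocol.min_version)
+{
+trace_ssl(hSession,"Minimum protocol version set to %d\n",hSession->ssl.protocol.min_version);
+SSL_set_min_proto_version(hSession->ssl.con,hSession->ssl.protocol.min_version);
+}
+
+if(hSession->ssl.protocol.max_version)
+{
+trace_ssl(hSession,"Maximum protocol version set to %d\n",hSession->ssl.protocol.max_version);
+SSL_set_max_proto_version(hSession->ssl.con,hSession->ssl.protocol.max_version);
+}
+
 if(SSL_set_fd(hSession->ssl.con, hSession->connection.sock) != 1)
 {
 trace_ssl(hSession,"%s","SSL_set_fd failed!\n");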
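Review bot: The results of `SSL_set_min_proto_version` and `SSL_set_max_proto_version` are discarded, so if OpenSSL rejects the value the handshake proceeds with the default version range and the session can negotiate a protocol below the floor the user asked for. Both calls return 1 on success and 0 on failure; test them the way the `SSL_set_fd` call just below is tested, e.g. `if(SSL_set_min_proto_version(hSession->ssl.con,hSession->ssl.protocol.min_version) != 1)`, and take the same failure path (that branch's body continues outside the hunk, so the exact cleanup is not visible here). The trace line logs "set to %d" before the call is made, which reads as success even when the call fails; emitting it after the check keeps the SSL trace truthful.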