Commit 5fa65443d10de8f7c1edf537d22cf42d51098912
1 parent
d4ccf7cc
Exists in
master
and in
3 other branches
Implementing property to get/set the min/max ssl supported protocol
version.
Showing
4 changed files
with
33 additions
and
21 deletions
Show diff stats
src/core/properties/signed.c
... | ... | @@ -49,42 +49,42 @@ |
49 | 49 | return (int) lib3270_get_ssl_state(hSession); |
50 | 50 | } |
51 | 51 | |
52 | - static int lib3270_set_ssl_minimum_supported_version(H3270 *hSession, int value) | |
52 | + static int lib3270_set_ssl_minimum_protocol_version(H3270 *hSession, int value) | |
53 | 53 | { |
54 | 54 | #ifdef HAVE_LIBSSL |
55 | 55 | FAIL_IF_ONLINE(hSession); |
56 | - hSession->ssl.supported_version.minimum = value; | |
56 | + hSession->ssl.protocol.min_version = value; | |
57 | 57 | return 0; |
58 | 58 | #else |
59 | 59 | return ENOTSUP; |
60 | 60 | #endif // HAVE_LIBSSL |
61 | 61 | } |
62 | 62 | |
63 | - static int lib3270_set_ssl_maximum_supported_version(H3270 *hSession, int value) | |
63 | + static int lib3270_set_ssl_maximum_protocol_version(H3270 *hSession, int value) | |
64 | 64 | { |
65 | 65 | #ifdef HAVE_LIBSSL |
66 | 66 | FAIL_IF_ONLINE(hSession); |
67 | - hSession->ssl.supported_version.maximum = value; | |
67 | + hSession->ssl.protocol.max_version = value; | |
68 | 68 | return 0; |
69 | 69 | #else |
70 | 70 | return ENOTSUP; |
71 | 71 | #endif // HAVE_LIBSSL |
72 | 72 | } |
73 | 73 | |
74 | - static int lib3270_get_ssl_minimum_supported_version(const H3270 *hSession) | |
74 | + static int lib3270_get_ssl_minimum_protocol_version(const H3270 *hSession) | |
75 | 75 | { |
76 | 76 | #ifdef HAVE_LIBSSL |
77 | - return hSession->ssl.supported_version.minimum; | |
77 | + return hSession->ssl.protocol.min_version; | |
78 | 78 | #else |
79 | 79 | errno = ENOTSUP; |
80 | 80 | return 0; |
81 | 81 | #endif // HAVE_LIBSSL |
82 | 82 | } |
83 | 83 | |
84 | - static int lib3270_get_ssl_maximum_supported_version(const H3270 *hSession) | |
84 | + static int lib3270_get_ssl_maximum_protocol_version(const H3270 *hSession) | |
85 | 85 | { |
86 | 86 | #ifdef HAVE_LIBSSL |
87 | - return hSession->ssl.supported_version.maximum; | |
87 | + return hSession->ssl.protocol.max_version; | |
88 | 88 | #else |
89 | 89 | errno = ENOTSUP; |
90 | 90 | return 0; |
... | ... | @@ -118,19 +118,19 @@ |
118 | 118 | }, |
119 | 119 | |
120 | 120 | { |
121 | - .name = "ssl_minimum_version", // Property name. | |
122 | - .description = N_( "ID of the minimum supported SSL version" ), // Property description. | |
121 | + .name = "ssl_min_protocol_version", // Property name. | |
122 | + .description = N_( "ID of the minimum supported SSL protocol version" ), // Property description. | |
123 | 123 | .default_value = 0, |
124 | - .get = lib3270_get_ssl_minimum_supported_version, // Get value. | |
125 | - .set = lib3270_set_ssl_minimum_supported_version // Set value. | |
124 | + .get = lib3270_get_ssl_minimum_protocol_version, // Get value. | |
125 | + .set = lib3270_set_ssl_minimum_protocol_version // Set value. | |
126 | 126 | }, |
127 | 127 | |
128 | 128 | { |
129 | - .name = "ssl_maximum_version", // Property name. | |
130 | - .description = N_( "ID of the maximum supported SSL version" ), // Property description. | |
129 | + .name = "ssl_max_protocol_version", // Property name. | |
130 | + .description = N_( "ID of the maximum supported SSL protocol version" ), // Property description. | |
131 | 131 | .default_value = 0, |
132 | - .get = lib3270_get_ssl_maximum_supported_version, // Get value. | |
133 | - .set = lib3270_set_ssl_maximum_supported_version // Set value. | |
132 | + .get = lib3270_get_ssl_maximum_protocol_version, // Get value. | |
133 | + .set = lib3270_set_ssl_maximum_protocol_version // Set value. | |
134 | 134 | }, |
135 | 135 | |
136 | 136 | { | ... | ... |
src/core/session.c
... | ... | @@ -411,8 +411,8 @@ H3270 * lib3270_session_new(const char *model) |
411 | 411 | hSession->id = 0; |
412 | 412 | |
413 | 413 | #ifdef HAVE_LIBSSL |
414 | - hSession->ssl.supported_version.minimum = 0; | |
415 | - hSession->ssl.supported_version.maximum = 0; | |
414 | + hSession->ssl.protocol.min_version = 0; | |
415 | + hSession->ssl.protocol.max_version = 0; | |
416 | 416 | #endif // HAVE_LIBSSL |
417 | 417 | |
418 | 418 | #ifdef SSL_ENABLE_CRL_CHECK | ... | ... |
src/include/internals.h
... | ... | @@ -665,9 +665,9 @@ struct _h3270 |
665 | 665 | |
666 | 666 | struct |
667 | 667 | { |
668 | - int minimum; ///< @brief The minimum supported protocol version. | |
669 | - int maximum; ///< @brief The maximum supported protocol version. | |
670 | - } supported_version; | |
668 | + int min_version; ///< @brief The minimum supported protocol version. | |
669 | + int max_version; ///< @brief The maximum supported protocol version. | |
670 | + } protocol; | |
671 | 671 | |
672 | 672 | #ifdef SSL_ENABLE_CRL_CHECK |
673 | 673 | struct | ... | ... |
src/ssl/negotiate.c
... | ... | @@ -150,6 +150,18 @@ static int background_ssl_negotiation(H3270 *hSession, void *message) |
150 | 150 | } |
151 | 151 | |
152 | 152 | /* Set up the TLS/SSL connection. */ |
153 | + if(hSession->ssl.protocol.min_version) | |
154 | + { | |
155 | + trace_ssl(hSession,"Minimum protocol version set to %d\n",hSession->ssl.protocol.min_version); | |
156 | + SSL_set_min_proto_version(hSession->ssl.con,hSession->ssl.protocol.min_version); | |
157 | + } | |
158 | + | |
159 | + if(hSession->ssl.protocol.max_version) | |
160 | + { | |
161 | + trace_ssl(hSession,"Maximum protocol version set to %d\n",hSession->ssl.protocol.max_version); | |
162 | + SSL_set_max_proto_version(hSession->ssl.con,hSession->ssl.protocol.max_version); | |
163 | + } | |
164 | + | |
153 | 165 | if(SSL_set_fd(hSession->ssl.con, hSession->connection.sock) != 1) |
154 | 166 | { |
155 | 167 | trace_ssl(hSession,"%s","SSL_set_fd failed!\n"); | ... | ... |