Commit 5fa65443d10de8f7c1edf537d22cf42d51098912

Authored by Perry Werneck
1 parent d4ccf7cc

Implementing property to get/set the min/max ssl supported protocol

version.
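--- a/src/core/properties/signed.c
+++ b/src/core/properties/signed.c
@@ -49,42 +49,42 @@
 return (int) lib3270_get_ssl_state(hSession);
 }
 
-static int lib3270_set_ssl_minimum_supported_version(H3270 *hSession, int value)
+static int lib3270_set_ssl_minimum_protocol_version(H3270 *hSession, int value)
 {
 #ifdef HAVE_LIBSSL
 FAIL_IF_ONLINE(hSession);
-hSession->ssl.supported_version.minimum = value;
+hSession->ssl.protocol.min_version = value;
 return 0;
 #else
 return ENOTSUP;
 #endif // HAVE_LIBSSL
 }
 
-static int lib3270_set_ssl_maximum_supported_version(H3270 *hSession, int value)
+static int lib3270_set_ssl_maximum_protocol_version(H3270 *hSession, int value)
 {
 #ifdef HAVE_LIBSSL
 FAIL_IF_ONLINE(hSession);
-hSession->ssl.supported_version.maximum = value;
+hSession->ssl.protocol.max_version = value;
 return 0;
 #else
 return ENOTSUP;
 #endif // HAVE_LIBSSL
 }
 
-static int lib3270_get_ssl_minimum_supported_version(const H3270 *hSession)
+static int lib3270_get_ssl_minimum_protocol_version(const H3270 *hSession)
 {
 #ifdef HAVE_LIBSSL
-return hSession->ssl.supported_version.minimum;
+return hSession->ssl.protocol.min_version;
 #else
 errno = ENOTSUP;
 return 0;
 #endif // HAVE_LIBSSL
 }
 
-static int lib3270_get_ssl_maximum_supported_version(const H3270 *hSession)
+static int lib3270_get_ssl_maximum_protocol_version(const H3270 *hSession)
 {
 #ifdef HAVE_LIBSSL
-return hSession->ssl.supported_version.maximum;
+return hSession->ssl.protocol.max_version;
 #else
 errno = ENOTSUP;
 return 0;
@@ -118,19 +118,19 @@
 },
 
 {
-.name = "ssl_minimum_version", // Property name.
-.description = N_( "ID of the minimum supported SSL version" ), // Property description.
+.name = "ssl_min_protocol_version", // Property name.
+.description = N_( "ID of the minimum supported SSL protocol version" ), // Property description.
 .default_value = 0,
-.get = lib3270_get_ssl_minimum_supported_version, // Get value.
-.set = lib3270_set_ssl_minimum_supported_version // Set value.
+.get = lib3270_get_ssl_minimum_protocol_version, // Get value.
+.set = lib3270_set_ssl_minimum_protocol_version // Set value.
 },
 
 {
-.name = "ssl_maximum_version", // Property name.
-.description = N_( "ID of the maximum supported SSL version" ), // Property description.
+.name = "ssl_max_protocol_version", // Property name.
+.description = N_( "ID of the maximum supported SSL protocol version" ), // Property description.
 .default_value = 0,
-.get = lib3270_get_ssl_maximum_supported_version, // Get value.
-.set = lib3270_set_ssl_maximum_supported_version // Set value.
+.get = lib3270_get_ssl_maximum_protocol_version, // Get value.
+.set = lib3270_set_ssl_maximum_protocol_version // Set value.
 },
 
 {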
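--- a/src/core/session.c
+++ b/src/core/session.c
@@ -411,8 +411,8 @@ H3270 * lib3270_session_new(const char *model)
 hSession->id = 0;
 
 #ifdef HAVE_LIBSSL
-hSession->ssl.supported_version.minimum = 0;
-hSession->ssl.supported_version.maximum = 0;
+hSession->ssl.protocol.min_version = 0;
+hSession->ssl.protocol.max_version = 0;
 #endif // HAVE_LIBSSL
 
 #ifdef SSL_ENABLE_CRL_CHECK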
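--- a/src/include/internals.h
+++ b/src/include/internals.h
@@ -665,9 +665,9 @@ struct _h3270
 
 struct
 {
-int minimum; ///< @brief The minimum supported protocol version.
-int maximum; ///< @brief The maximum supported protocol version.
-} supported_version;
+int min_version; ///< @brief The minimum supported protocol version.
+int max_version; ///< @brief The maximum supported protocol version.
+} protocol;
 
 #ifdef SSL_ENABLE_CRL_CHECK
 struct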
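--- a/src/ssl/negotiate.c
+++ b/src/ssl/negotiate.c
@@ -150,6 +150,18 @@ static int background_ssl_negotiation(H3270 *hSession, void *message)
 }
 
 /* Set up the TLS/SSL connection. */
+if(hSession->ssl.protocol.min_version)
+{
+trace_ssl(hSession,"Minimum protocol version set to %d\n",hSession->ssl.protocol.min_version);
+SSL_set_min_proto_version(hSession->ssl.con,hSession->ssl.protocol.min_version);
+}
+
+if(hSession->ssl.protocol.max_version)
+{
+trace_ssl(hSession,"Maximum protocol version set to %d\n",hSession->ssl.protocol.max_version);
+SSL_set_max_proto_version(hSession->ssl.con,hSession->ssl.protocol.max_version);
+}
+
 if(SSL_set_fd(hSession->ssl.con, hSession->connection.sock) != 1)
 {
 trace_ssl(hSession,"%s","SSL_set_fd failed!\n");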
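Review bot: The return values of `SSL_set_min_proto_version()` and `SSL_set_max_proto_version()` are discarded in the two added blocks, and the trace line announces the version as "set" before the call is made. Both calls return 1 on success and 0 on failure, so if OpenSSL rejects the configured value the negotiation carries on with the library's default protocol range and the requested floor is silently not enforced. Treat it like the `SSL_set_fd` check directly below: `if(SSL_set_min_proto_version(hSession->ssl.con,hSession->ssl.protocol.min_version) != 1)` followed by a failure trace and the same error path, and likewise for the maximum. The property setters in src/core/properties/signed.c store any `int` unchecked, so this appears to be the only place a bad value or a minimum above the maximum can be caught. background_ssl_negotiation's body starts and ends outside the hunk, so the exact failure path is not visible here.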