Commit 5fa65443d10de8f7c1edf537d22cf42d51098912
1 parent
d4ccf7cc
Exists in
master
and in
3 other branches
Implementing property to get/set the min/max ssl supported protocol
version.
Showing
4 changed files
with
33 additions
and
21 deletions
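--- a/src/core/properties/signed.c
+++ b/src/core/properties/signed.c
@@ -49,42 +49,42 @@
 return (int) lib3270_get_ssl_state(hSession);
 }
 
-static int lib3270_set_ssl_minimum_supported_version(H3270 *hSession, int value)
+static int lib3270_set_ssl_minimum_protocol_version(H3270 *hSession, int value)
 {
 #ifdef HAVE_LIBSSL
 FAIL_IF_ONLINE(hSession);
-hSession->ssl.supported_version.minimum = value;
+hSession->ssl.protocol.min_version = value;
 return 0;
 #else
 return ENOTSUP;
 #endif // HAVE_LIBSSL
 }
 
-static int lib3270_set_ssl_maximum_supported_version(H3270 *hSession, int value)
+static int lib3270_set_ssl_maximum_protocol_version(H3270 *hSession, int value)
 {
 #ifdef HAVE_LIBSSL
 FAIL_IF_ONLINE(hSession);
-hSession->ssl.supported_version.maximum = value;
+hSession->ssl.protocol.max_version = value;
 return 0;
 #else
 return ENOTSUP;
 #endif // HAVE_LIBSSL
 }
 
-static int lib3270_get_ssl_minimum_supported_version(const H3270 *hSession)
+static int lib3270_get_ssl_minimum_protocol_version(const H3270 *hSession)
 {
 #ifdef HAVE_LIBSSL
-return hSession->ssl.supported_version.minimum;
+return hSession->ssl.protocol.min_version;
 #else
 errno = ENOTSUP;
 return 0;
 #endif // HAVE_LIBSSL
 }
 
-static int lib3270_get_ssl_maximum_supported_version(const H3270 *hSession)
+static int lib3270_get_ssl_maximum_protocol_version(const H3270 *hSession)
 {
 #ifdef HAVE_LIBSSL
-return hSession->ssl.supported_version.maximum;
+return hSession->ssl.protocol.max_version;
 #else
 errno = ENOTSUP;
 return 0;
@@ -118,19 +118,19 @@
 },
 
 {
-.name = "ssl_minimum_version", // Property name.
-.description = N_( "ID of the minimum supported SSL version" ), // Property description.
+.name = "ssl_min_protocol_version", // Property name.
+.description = N_( "ID of the minimum supported SSL protocol version" ), // Property description.
 .default_value = 0,
-.get = lib3270_get_ssl_minimum_supported_version, // Get value.
-.set = lib3270_set_ssl_minimum_supported_version // Set value.
+.get = lib3270_get_ssl_minimum_protocol_version, // Get value.
+.set = lib3270_set_ssl_minimum_protocol_version // Set value.
 },
 
 {
-.name = "ssl_maximum_version", // Property name.
-.description = N_( "ID of the maximum supported SSL version" ), // Property description.
+.name = "ssl_max_protocol_version", // Property name.
+.description = N_( "ID of the maximum supported SSL protocol version" ), // Property description.
 .default_value = 0,
-.get = lib3270_get_ssl_maximum_supported_version, // Get value.
-.set = lib3270_set_ssl_maximum_supported_version // Set value.
+.get = lib3270_get_ssl_maximum_protocol_version, // Get value.
+.set = lib3270_set_ssl_maximum_protocol_version // Set value.
 },
 
 {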
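--- a/src/core/session.c
+++ b/src/core/session.c
@@ -411,8 +411,8 @@ H3270 * lib3270_session_new(const char *model)
 hSession->id = 0;
 
 #ifdef HAVE_LIBSSL
-hSession->ssl.supported_version.minimum = 0;
-hSession->ssl.supported_version.maximum = 0;
+hSession->ssl.protocol.min_version = 0;
+hSession->ssl.protocol.max_version = 0;
 #endif // HAVE_LIBSSL
 
 #ifdef SSL_ENABLE_CRL_CHECK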
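--- a/src/include/internals.h
+++ b/src/include/internals.h
@@ -665,9 +665,9 @@ struct _h3270
 
 struct
 {
-int minimum; ///< @brief The minimum supported protocol version.
-int maximum; ///< @brief The maximum supported protocol version.
-} supported_version;
+int min_version; ///< @brief The minimum supported protocol version.
+int max_version; ///< @brief The maximum supported protocol version.
+} protocol;
 
 #ifdef SSL_ENABLE_CRL_CHECK
 struct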
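--- a/src/ssl/negotiate.c
+++ b/src/ssl/negotiate.c
@@ -150,6 +150,18 @@ static int background_ssl_negotiation(H3270 *hSession, void *message)
 }
 
 /* Set up the TLS/SSL connection. */
+if(hSession->ssl.protocol.min_version)
+{
+trace_ssl(hSession,"Minimum protocol version set to %d\n",hSession->ssl.protocol.min_version);
+SSL_set_min_proto_version(hSession->ssl.con,hSession->ssl.protocol.min_version);
+}
+
+if(hSession->ssl.protocol.max_version)
+{
+trace_ssl(hSession,"Maximum protocol version set to %d\n",hSession->ssl.protocol.max_version);
+SSL_set_max_proto_version(hSession->ssl.con,hSession->ssl.protocol.max_version);
+}
+
 if(SSL_set_fd(hSession->ssl.con, hSession->connection.sock) != 1)
 {
 trace_ssl(hSession,"%s","SSL_set_fd failed!\n");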
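Review bot: The return values of `SSL_set_min_proto_version()` and `SSL_set_max_proto_version()` are discarded in both added blocks, so if OpenSSL rejects the configured value the handshake continues with the library's default protocol range and the configured minimum is silently not enforced, while the trace line still reports it as set. Both calls return 1 on success; check them, e.g. `if(SSL_set_min_proto_version(hSession->ssl.con,hSession->ssl.protocol.min_version) != 1)`, trace the failure and abort the negotiation the same way the `SSL_set_fd` failure branch just below does (that branch's error return lies outside the hunk). The value is whatever int the setters in src/core/properties/signed.c stored, and no range or min <= max check is visible in this commit, so a rejected value is a realistic case. These calls were introduced in OpenSSL 1.1.0, so a build guard may be needed if older libraries are still supported.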