Commit 5fa65443d10de8f7c1edf537d22cf42d51098912

Authored by Perry Werneck
1 parent d4ccf7cc

Implementing property to get/set the min/max ssl supported protocol

version.
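--- a/src/core/properties/signed.c
+++ b/src/core/properties/signed.c
@@ -49,42 +49,42 @@
 return (int) lib3270_get_ssl_state(hSession);
 }
 
-static int lib3270_set_ssl_minimum_supported_version(H3270 *hSession, int value)
+static int lib3270_set_ssl_minimum_protocol_version(H3270 *hSession, int value)
 {
 #ifdef HAVE_LIBSSL
 FAIL_IF_ONLINE(hSession);
-hSession->ssl.supported_version.minimum = value;
+hSession->ssl.protocol.min_version = value;
 return 0;
 #else
 return ENOTSUP;
 #endif // HAVE_LIBSSL
 }
 
-static int lib3270_set_ssl_maximum_supported_version(H3270 *hSession, int value)
+static int lib3270_set_ssl_maximum_protocol_version(H3270 *hSession, int value)
 {
 #ifdef HAVE_LIBSSL
 FAIL_IF_ONLINE(hSession);
-hSession->ssl.supported_version.maximum = value;
+hSession->ssl.protocol.max_version = value;
 return 0;
 #else
 return ENOTSUP;
 #endif // HAVE_LIBSSL
 }
 
-static int lib3270_get_ssl_minimum_supported_version(const H3270 *hSession)
+static int lib3270_get_ssl_minimum_protocol_version(const H3270 *hSession)
 {
 #ifdef HAVE_LIBSSL
-return hSession->ssl.supported_version.minimum;
+return hSession->ssl.protocol.min_version;
 #else
 errno = ENOTSUP;
 return 0;
 #endif // HAVE_LIBSSL
 }
 
-static int lib3270_get_ssl_maximum_supported_version(const H3270 *hSession)
+static int lib3270_get_ssl_maximum_protocol_version(const H3270 *hSession)
 {
 #ifdef HAVE_LIBSSL
-return hSession->ssl.supported_version.maximum;
+return hSession->ssl.protocol.max_version;
 #else
 errno = ENOTSUP;
 return 0;
@@ -118,19 +118,19 @@
 },
 
 {
-.name = "ssl_minimum_version", // Property name.
-.description = N_( "ID of the minimum supported SSL version" ), // Property description.
+.name = "ssl_min_protocol_version", // Property name.
+.description = N_( "ID of the minimum supported SSL protocol version" ), // Property description.
 .default_value = 0,
-.get = lib3270_get_ssl_minimum_supported_version, // Get value.
-.set = lib3270_set_ssl_minimum_supported_version // Set value.
+.get = lib3270_get_ssl_minimum_protocol_version, // Get value.
+.set = lib3270_set_ssl_minimum_protocol_version // Set value.
 },
 
 {
-.name = "ssl_maximum_version", // Property name.
-.description = N_( "ID of the maximum supported SSL version" ), // Property description.
+.name = "ssl_max_protocol_version", // Property name.
+.description = N_( "ID of the maximum supported SSL protocol version" ), // Property description.
 .default_value = 0,
-.get = lib3270_get_ssl_maximum_supported_version, // Get value.
-.set = lib3270_set_ssl_maximum_supported_version // Set value.
+.get = lib3270_get_ssl_maximum_protocol_version, // Get value.
+.set = lib3270_set_ssl_maximum_protocol_version // Set value.
 },
 
 {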
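--- a/src/core/session.c
+++ b/src/core/session.c
@@ -411,8 +411,8 @@ H3270 * lib3270_session_new(const char *model)
 hSession->id = 0;
 
 #ifdef HAVE_LIBSSL
-hSession->ssl.supported_version.minimum = 0;
-hSession->ssl.supported_version.maximum = 0;
+hSession->ssl.protocol.min_version = 0;
+hSession->ssl.protocol.max_version = 0;
 #endif // HAVE_LIBSSL
 
 #ifdef SSL_ENABLE_CRL_CHECK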
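--- a/src/include/internals.h
+++ b/src/include/internals.h
@@ -665,9 +665,9 @@ struct _h3270
 
 struct
 {
-int minimum; ///< @brief The minimum supported protocol version.
-int maximum; ///< @brief The maximum supported protocol version.
-} supported_version;
+int min_version; ///< @brief The minimum supported protocol version.
+int max_version; ///< @brief The maximum supported protocol version.
+} protocol;
 
 #ifdef SSL_ENABLE_CRL_CHECK
 struct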
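--- a/src/ssl/negotiate.c
+++ b/src/ssl/negotiate.c
@@ -150,6 +150,18 @@ static int background_ssl_negotiation(H3270 *hSession, void *message)
 }
 
 /* Set up the TLS/SSL connection. */
+if(hSession->ssl.protocol.min_version)
+{
+trace_ssl(hSession,"Minimum protocol version set to %d\n",hSession->ssl.protocol.min_version);
+SSL_set_min_proto_version(hSession->ssl.con,hSession->ssl.protocol.min_version);
+}
+
+if(hSession->ssl.protocol.max_version)
+{
+trace_ssl(hSession,"Maximum protocol version set to %d\n",hSession->ssl.protocol.max_version);
+SSL_set_max_proto_version(hSession->ssl.con,hSession->ssl.protocol.max_version);
+}
+
 if(SSL_set_fd(hSession->ssl.con, hSession->connection.sock) != 1)
 {
 trace_ssl(hSession,"%s","SSL_set_fd failed!\n");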
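Review bot: The results of `SSL_set_min_proto_version()` and `SSL_set_max_proto_version()` are discarded in both added blocks, so a value OpenSSL rejects leaves the SSL object on whatever version range it already had, while the trace line just above has already reported the bound as set. Both calls return 1 on success, and the property setters in src/core/properties/signed.c store `value` without any range check, so an unsupported ID reaches this point unchanged. A configured minimum that is silently dropped defeats the purpose of the property, so check the result the way the following `SSL_set_fd` call is checked, e.g. `if(SSL_set_min_proto_version(hSession->ssl.con,hSession->ssl.protocol.min_version) != 1)` followed by a trace and the same failure path, and likewise for the maximum. The body of background_ssl_negotiation continues outside the hunk, so the exact error handling has to follow what the `SSL_set_fd` branch does there.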