Commit 5fa65443d10de8f7c1edf537d22cf42d51098912
1 parent
d4ccf7cc
Exists in
master
and in
3 other branches
Implementing property to get/set the min/max ssl supported protocol
version.
Showing
4 changed files
with
33 additions
and
21 deletions
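--- a/src/core/properties/signed.c
+++ b/src/core/properties/signed.c
@@ -49,42 +49,42 @@
 return (int) lib3270_get_ssl_state(hSession);
 }
 
-static int lib3270_set_ssl_minimum_supported_version(H3270 *hSession, int value)
+static int lib3270_set_ssl_minimum_protocol_version(H3270 *hSession, int value)
 {
 #ifdef HAVE_LIBSSL
 FAIL_IF_ONLINE(hSession);
-hSession->ssl.supported_version.minimum = value;
+hSession->ssl.protocol.min_version = value;
 return 0;
 #else
 return ENOTSUP;
 #endif // HAVE_LIBSSL
 }
 
-static int lib3270_set_ssl_maximum_supported_version(H3270 *hSession, int value)
+static int lib3270_set_ssl_maximum_protocol_version(H3270 *hSession, int value)
 {
 #ifdef HAVE_LIBSSL
 FAIL_IF_ONLINE(hSession);
-hSession->ssl.supported_version.maximum = value;
+hSession->ssl.protocol.max_version = value;
 return 0;
 #else
 return ENOTSUP;
 #endif // HAVE_LIBSSL
 }
 
-static int lib3270_get_ssl_minimum_supported_version(const H3270 *hSession)
+static int lib3270_get_ssl_minimum_protocol_version(const H3270 *hSession)
 {
 #ifdef HAVE_LIBSSL
-return hSession->ssl.supported_version.minimum;
+return hSession->ssl.protocol.min_version;
 #else
 errno = ENOTSUP;
 return 0;
 #endif // HAVE_LIBSSL
 }
 
-static int lib3270_get_ssl_maximum_supported_version(const H3270 *hSession)
+static int lib3270_get_ssl_maximum_protocol_version(const H3270 *hSession)
 {
 #ifdef HAVE_LIBSSL
-return hSession->ssl.supported_version.maximum;
+return hSession->ssl.protocol.max_version;
 #else
 errno = ENOTSUP;
 return 0;
@@ -118,19 +118,19 @@
 },
 
 {
-.name = "ssl_minimum_version", // Property name.
-.description = N_( "ID of the minimum supported SSL version" ), // Property description.
+.name = "ssl_min_protocol_version", // Property name.
+.description = N_( "ID of the minimum supported SSL protocol version" ), // Property description.
 .default_value = 0,
-.get = lib3270_get_ssl_minimum_supported_version, // Get value.
-.set = lib3270_set_ssl_minimum_supported_version // Set value.
+.get = lib3270_get_ssl_minimum_protocol_version, // Get value.
+.set = lib3270_set_ssl_minimum_protocol_version // Set value.
 },
 
 {
-.name = "ssl_maximum_version", // Property name.
-.description = N_( "ID of the maximum supported SSL version" ), // Property description.
+.name = "ssl_max_protocol_version", // Property name.
+.description = N_( "ID of the maximum supported SSL protocol version" ), // Property description.
 .default_value = 0,
-.get = lib3270_get_ssl_maximum_supported_version, // Get value.
-.set = lib3270_set_ssl_maximum_supported_version // Set value.
+.get = lib3270_get_ssl_maximum_protocol_version, // Get value.
+.set = lib3270_set_ssl_maximum_protocol_version // Set value.
 },
 
 {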
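--- a/src/core/session.c
+++ b/src/core/session.c
@@ -411,8 +411,8 @@ H3270 * lib3270_session_new(const char *model)
 hSession->id = 0;
 
 #ifdef HAVE_LIBSSL
-hSession->ssl.supported_version.minimum = 0;
-hSession->ssl.supported_version.maximum = 0;
+hSession->ssl.protocol.min_version = 0;
+hSession->ssl.protocol.max_version = 0;
 #endif // HAVE_LIBSSL
 
 #ifdef SSL_ENABLE_CRL_CHECK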
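--- a/src/include/internals.h
+++ b/src/include/internals.h
@@ -665,9 +665,9 @@ struct _h3270
 
 struct
 {
-int minimum; ///< @brief The minimum supported protocol version.
-int maximum; ///< @brief The maximum supported protocol version.
-} supported_version;
+int min_version; ///< @brief The minimum supported protocol version.
+int max_version; ///< @brief The maximum supported protocol version.
+} protocol;
 
 #ifdef SSL_ENABLE_CRL_CHECK
 struct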
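--- a/src/ssl/negotiate.c
+++ b/src/ssl/negotiate.c
@@ -150,6 +150,18 @@ static int background_ssl_negotiation(H3270 *hSession, void *message)
 }
 
 /* Set up the TLS/SSL connection. */
+if(hSession->ssl.protocol.min_version)
+{
+trace_ssl(hSession,"Minimum protocol version set to %d\n",hSession->ssl.protocol.min_version);
+SSL_set_min_proto_version(hSession->ssl.con,hSession->ssl.protocol.min_version);
+}
+
+if(hSession->ssl.protocol.max_version)
+{
+trace_ssl(hSession,"Maximum protocol version set to %d\n",hSession->ssl.protocol.max_version);
+SSL_set_max_proto_version(hSession->ssl.con,hSession->ssl.protocol.max_version);
+}
+
 if(SSL_set_fd(hSession->ssl.con, hSession->connection.sock) != 1)
 {
 trace_ssl(hSession,"%s","SSL_set_fd failed!\n");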
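Review bot: The return values of `SSL_set_min_proto_version()` and `SSL_set_max_proto_version()` are discarded, so a value OpenSSL rejects leaves the connection on the library's default version range while the trace line has already reported the limit as set. Both calls return 1 on success, and the property setters in src/core/properties/signed.c store any int unchecked, so an invalid ID can reach this point; a configured minimum is a security floor and should fail closed rather than be silently dropped. I would test each call, e.g. `if(SSL_set_min_proto_version(hSession->ssl.con,hSession->ssl.protocol.min_version) != 1)`, trace the failure and take the same error path as the `SSL_set_fd` check that follows, and also reject a minimum greater than the maximum before negotiating. These two functions are OpenSSL 1.1.0+ API, so if older libraries are still supported the guard may need to be narrower than `HAVE_LIBSSL`; the guard around this code is not visible here. `background_ssl_negotiation` starts and ends outside the hunk.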