
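--- a/native/include/ssl_private.h
+++ b/native/include/ssl_private.h
@@ -117,7 +117,9 @@
 #define SSL_PROTOCOL_SSLV2      (1<<0)
 #define SSL_PROTOCOL_SSLV3      (1<<1)
 #define SSL_PROTOCOL_TLSV1      (1<<2)
-#define SSL_PROTOCOL_ALL        (SSL_PROTOCOL_SSLV2|SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1)
+#define SSL_PROTOCOL_TLSV1_1    (1<<3)
+#define SSL_PROTOCOL_TLSV1_2    (1<<4)
+#define SSL_PROTOCOL_ALL        (SSL_PROTOCOL_SSLV2|SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1|SSL_PROTOCOL_TLSV1_1|SSL_PROTOCOL_TLSV1_2)
 
 #define SSL_MODE_CLIENT         (0)
 #define SSL_MODE_SERVER         (1)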
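--- a/native/src/sslcontext.c
+++ b/native/src/sslcontext.c
@@ -71,43 +71,58 @@
     SSL_CTX *ctx = NULL;
     UNREFERENCED(o);
 
-    switch (protocol) {
-        case SSL_PROTOCOL_SSLV2:
-            if (mode == SSL_MODE_CLIENT)
-                ctx = SSL_CTX_new(SSLv2_client_method());
-            else if (mode == SSL_MODE_SERVER)
-                ctx = SSL_CTX_new(SSLv2_server_method());
-            else
-                ctx = SSL_CTX_new(SSLv2_method());
-        break;
-        case SSL_PROTOCOL_SSLV3:
-            if (mode == SSL_MODE_CLIENT)
-                ctx = SSL_CTX_new(SSLv3_client_method());
-            else if (mode == SSL_MODE_SERVER)
-                ctx = SSL_CTX_new(SSLv3_server_method());
-            else
-                ctx = SSL_CTX_new(SSLv3_method());
-        break;
-        case SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_SSLV3:
-        case SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_TLSV1:
-        case SSL_PROTOCOL_ALL:
-        case SSL_PROTOCOL_SSLV3 | SSL_PROTOCOL_TLSV1:
-            if (mode == SSL_MODE_CLIENT)
-                ctx = SSL_CTX_new(SSLv23_client_method());
-            else if (mode == SSL_MODE_SERVER)
-                ctx = SSL_CTX_new(SSLv23_server_method());
-            else
-                ctx = SSL_CTX_new(SSLv23_method());
-        break;
-        case SSL_PROTOCOL_TLSV1:
-            if (mode == SSL_MODE_CLIENT)
-                ctx = SSL_CTX_new(TLSv1_client_method());
-            else if (mode == SSL_MODE_SERVER)
-                ctx = SSL_CTX_new(TLSv1_server_method());
-            else
-                ctx = SSL_CTX_new(TLSv1_method());
-        break;
+#ifdef SSL_OP_NO_TLSv1_2
+    if (protocol & SSL_PROTOCOL_TLSV1_2) {
+        if (mode == SSL_MODE_CLIENT)
+            ctx = SSL_CTX_new(TLSv1_2_client_method());
+        else if (mode == SSL_MODE_SERVER)
+            ctx = SSL_CTX_new(TLSv1_2_server_method());
+        else
+            ctx = SSL_CTX_new(TLSv1_2_method());
+    } else
+#endif
+#ifdef SSL_OP_NO_TLSv1_1
+    if (protocol & SSL_PROTOCOL_TLSV1_1) {
+        if (mode == SSL_MODE_CLIENT)
+            ctx = SSL_CTX_new(TLSv1_1_client_method());
+        else if (mode == SSL_MODE_SERVER)
+            ctx = SSL_CTX_new(TLSv1_1_server_method());
+        else
+            ctx = SSL_CTX_new(TLSv1_1_method());
+    } else
+#endif
+    if (protocol & SSL_PROTOCOL_TLSV1) {
+        if (mode == SSL_MODE_CLIENT)
+            ctx = SSL_CTX_new(TLSv1_client_method());
+        else if (mode == SSL_MODE_SERVER)
+            ctx = SSL_CTX_new(TLSv1_server_method());
+        else
+            ctx = SSL_CTX_new(TLSv1_method());
+    } else if (protocol == SSL_PROTOCOL_SSLV3) {
+        if (mode == SSL_MODE_CLIENT)
+            ctx = SSL_CTX_new(SSLv3_client_method());
+        else if (mode == SSL_MODE_SERVER)
+            ctx = SSL_CTX_new(SSLv3_server_method());
+        else
+            ctx = SSL_CTX_new(SSLv3_method());
+    } else if (protocol == (SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_SSLV3)) {
+        if (mode == SSL_MODE_CLIENT)
+            ctx = SSL_CTX_new(SSLv23_client_method());
+        else if (mode == SSL_MODE_SERVER)
+            ctx = SSL_CTX_new(SSLv23_server_method());
+        else
+            ctx = SSL_CTX_new(SSLv23_method());
+#ifndef OPENSSL_NO_SSL2
+    } else if (protocol == SSL_PROTOCOL_SSLV2) {
+        if (mode == SSL_MODE_CLIENT)
+            ctx = SSL_CTX_new(SSLv2_client_method());
+        else if (mode == SSL_MODE_SERVER)
+            ctx = SSL_CTX_new(SSLv2_server_method());
+        else
+            ctx = SSL_CTX_new(SSLv2_method());
+#endif
     }
+
     if (!ctx) {
         char err[256];
         ERR_error_string(ERR_get_error(), err);
@@ -133,6 +148,14 @@
         SSL_CTX_set_options(c->ctx, SSL_OP_NO_SSLv3);
     if (!(protocol & SSL_PROTOCOL_TLSV1))
         SSL_CTX_set_options(c->ctx, SSL_OP_NO_TLSv1);
+#ifdef SSL_OP_NO_TLSv1_1
+    if (!(protocol & SSL_PROTOCOL_TLSV1_1))
+        SSL_CTX_set_options(c->ctx, SSL_OP_NO_TLSv1_1);
+#endif
+#ifdef SSL_OP_NO_TLSv1_2
+    if (!(protocol & SSL_PROTOCOL_TLSV1_2))
+        SSL_CTX_set_options(c->ctx, SSL_OP_NO_TLSv1_2);
+#endif
     /*
      * Configure additional context ingredients
      */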
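Review bot: The bit tests `protocol & SSL_PROTOCOL_TLSV1_2`, `protocol & SSL_PROTOCOL_TLSV1_1` and `protocol & SSL_PROTOCOL_TLSV1` in the first hunk select a fixed-version method (`TLSv1_2_*_method()` and so on) for any mask that merely contains the bit. A multi-protocol request such as `SSL_PROTOCOL_ALL` or `SSL_PROTOCOL_SSLV3 | SSL_PROTOCOL_TLSV1`, which the removed switch mapped to the version-flexible `SSLv23_*_method()`, now produces a context that speaks only the highest listed version, and the `SSL_OP_NO_TLSv1_1` / `SSL_OP_NO_TLSv1_2` calls added in the second hunk have nothing left to narrow. Testing for exact single-protocol masks, e.g. `if (protocol == SSL_PROTOCOL_TLSV1_2) {`, and making the `SSLv23_*_method()` branch the fallback for every combination would keep negotiation working and leave version restriction to the `SSL_OP_NO_*` options. Separately, when the build lacks `SSL_OP_NO_TLSv1_2` or defines `OPENSSL_NO_SSL2`, a request for only that protocol matches no branch and reaches `if (!ctx)` with, most likely, no OpenSSL error queued, so the `ERR_error_string` text will not name the cause; an explicit "protocol not supported by this OpenSSL build" message would make that failure diagnosable. The enclosing function starts and ends outside both hunks.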
