Lines 71-113
|
71 |
SSL_CTX *ctx = NULL; |
71 |
SSL_CTX *ctx = NULL; |
72 |
UNREFERENCED(o); |
72 |
UNREFERENCED(o); |
73 |
|
73 |
|
74 |
switch (protocol) { |
74 |
if (protocol & SSL_PROTOCOL_TLSV1_2) { |
75 |
case SSL_PROTOCOL_SSLV2: |
75 |
#ifdef SSL_OP_NO_TLSv1_2 |
76 |
if (mode == SSL_MODE_CLIENT) |
76 |
if (mode == SSL_MODE_CLIENT) |
77 |
ctx = SSL_CTX_new(SSLv2_client_method()); |
77 |
ctx = SSL_CTX_new(TLSv1_2_client_method()); |
78 |
else if (mode == SSL_MODE_SERVER) |
78 |
else if (mode == SSL_MODE_SERVER) |
79 |
ctx = SSL_CTX_new(SSLv2_server_method()); |
79 |
ctx = SSL_CTX_new(TLSv1_2_server_method()); |
80 |
else |
80 |
else |
81 |
ctx = SSL_CTX_new(SSLv2_method()); |
81 |
ctx = SSL_CTX_new(TLSv1_2_method()); |
82 |
break; |
82 |
#endif |
83 |
case SSL_PROTOCOL_SSLV3: |
83 |
} else if (protocol & SSL_PROTOCOL_TLSV1_1) { |
84 |
if (mode == SSL_MODE_CLIENT) |
84 |
#ifdef SSL_OP_NO_TLSv1_1 |
85 |
ctx = SSL_CTX_new(SSLv3_client_method()); |
85 |
if (mode == SSL_MODE_CLIENT) |
86 |
else if (mode == SSL_MODE_SERVER) |
86 |
ctx = SSL_CTX_new(TLSv1_1_client_method()); |
87 |
ctx = SSL_CTX_new(SSLv3_server_method()); |
87 |
else if (mode == SSL_MODE_SERVER) |
88 |
else |
88 |
ctx = SSL_CTX_new(TLSv1_1_server_method()); |
89 |
ctx = SSL_CTX_new(SSLv3_method()); |
89 |
else |
90 |
break; |
90 |
ctx = SSL_CTX_new(TLSv1_1_method()); |
91 |
case SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_SSLV3: |
91 |
#endif |
92 |
case SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_TLSV1: |
92 |
} else if (protocol & SSL_PROTOCOL_TLSV1) { |
93 |
case SSL_PROTOCOL_SSLV3 | SSL_PROTOCOL_TLSV1: |
93 |
if (mode == SSL_MODE_CLIENT) |
94 |
case SSL_PROTOCOL_ALL: |
94 |
ctx = SSL_CTX_new(TLSv1_client_method()); |
95 |
if (mode == SSL_MODE_CLIENT) |
95 |
else if (mode == SSL_MODE_SERVER) |
96 |
ctx = SSL_CTX_new(SSLv23_client_method()); |
96 |
ctx = SSL_CTX_new(TLSv1_server_method()); |
97 |
else if (mode == SSL_MODE_SERVER) |
97 |
else |
98 |
ctx = SSL_CTX_new(SSLv23_server_method()); |
98 |
ctx = SSL_CTX_new(TLSv1_method()); |
99 |
else |
99 |
} else if (protocol == SSL_PROTOCOL_SSLV3) { |
100 |
ctx = SSL_CTX_new(SSLv23_method()); |
100 |
if (mode == SSL_MODE_CLIENT) |
101 |
break; |
101 |
ctx = SSL_CTX_new(SSLv3_client_method()); |
102 |
case SSL_PROTOCOL_TLSV1: |
102 |
else if (mode == SSL_MODE_SERVER) |
103 |
if (mode == SSL_MODE_CLIENT) |
103 |
ctx = SSL_CTX_new(SSLv3_server_method()); |
104 |
ctx = SSL_CTX_new(TLSv1_client_method()); |
104 |
else |
105 |
else if (mode == SSL_MODE_SERVER) |
105 |
ctx = SSL_CTX_new(SSLv3_method()); |
106 |
ctx = SSL_CTX_new(TLSv1_server_method()); |
106 |
} else if (protocol == (SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_SSLV3)) { |
107 |
else |
107 |
if (mode == SSL_MODE_CLIENT) |
108 |
ctx = SSL_CTX_new(TLSv1_method()); |
108 |
ctx = SSL_CTX_new(SSLv23_client_method()); |
109 |
break; |
109 |
else if (mode == SSL_MODE_SERVER) |
|
|
110 |
ctx = SSL_CTX_new(SSLv23_server_method()); |
111 |
else |
112 |
ctx = SSL_CTX_new(SSLv23_method()); |
113 |
#ifndef OPENSSL_NO_SSL2 |
114 |
} else if (protocol == SSL_PROTOCOL_SSLV2) { |
115 |
if (mode == SSL_MODE_CLIENT) |
116 |
ctx = SSL_CTX_new(SSLv2_client_method()); |
117 |
else if (mode == SSL_MODE_SERVER) |
118 |
ctx = SSL_CTX_new(SSLv2_server_method()); |
119 |
else |
120 |
ctx = SSL_CTX_new(SSLv2_method()); |
121 |
#endif |
110 |
} |
122 |
} |
|
|
123 |
|
111 |
if (!ctx) { |
124 |
if (!ctx) { |
112 |
char err[256]; |
125 |
char err[256]; |
113 |
ERR_error_string(ERR_get_error(), err); |
126 |
ERR_error_string(ERR_get_error(), err); |
Lines 133-138
|
133 |
SSL_CTX_set_options(c->ctx, SSL_OP_NO_SSLv3); |
146 |
SSL_CTX_set_options(c->ctx, SSL_OP_NO_SSLv3); |
134 |
if (!(protocol & SSL_PROTOCOL_TLSV1)) |
147 |
if (!(protocol & SSL_PROTOCOL_TLSV1)) |
135 |
SSL_CTX_set_options(c->ctx, SSL_OP_NO_TLSv1); |
148 |
SSL_CTX_set_options(c->ctx, SSL_OP_NO_TLSv1); |
|
|
149 |
#ifdef SSL_OP_NO_TLSv1_1 |
150 |
if (!(protocol & SSL_PROTOCOL_TLSV1_1)) |
151 |
SSL_CTX_set_options(c->ctx, SSL_OP_NO_TLSv1_1); |
152 |
#endif |
153 |
#ifdef SSL_OP_NO_TLSv1_2 |
154 |
if (!(protocol & SSL_PROTOCOL_TLSV1_2)) |
155 |
SSL_CTX_set_options(c->ctx, SSL_OP_NO_TLSv1_2); |
156 |
#endif |
136 |
/* |
157 |
/* |
137 |
* Configure additional context ingredients |
158 |
* Configure additional context ingredients |
138 |
*/ |
159 |
*/ |
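Review bot: The new `if`/`else if` chain (new lines 74–122) tests `protocol & SSL_PROTOCOL_TLSV1_2`, `& SSL_PROTOCOL_TLSV1_1` and `& SSL_PROTOCOL_TLSV1` with a bitwise AND, so a multi-protocol mask such as `SSL_PROTOCOL_SSLV3 | SSL_PROTOCOL_TLSV1`, which the old `switch` sent to `SSLv23_*_method()`, now gets a fixed-version method that negotiates only the highest protocol named (presumably the same happens to `SSL_PROTOCOL_ALL` once it carries the new bits). The `SSL_OP_NO_TLSv1_1`/`SSL_OP_NO_TLSv1_2` masks added in the second hunk (new lines 149–156) only narrow a version-flexible context, so on these fixed-version contexts they change nothing and the configured protocol list is silently ignored. When the headers lack `SSL_OP_NO_TLSv1_2` or `SSL_OP_NO_TLSv1_1`, the matching branch body is compiled out, `ctx` stays NULL, and a multi-protocol request fails instead of using a protocol the library does support. I would match single protocols with `==` and send every multi-bit mask to `SSLv23_*_method()`, as sketched below; the enclosing function begins before and ends after the lines shown.

```c
    if (protocol == SSL_PROTOCOL_TLSV1_2) {
#ifdef SSL_OP_NO_TLSv1_2
        /* ... unchanged: TLSv1_2_*_method() chosen by mode ... */
#endif
    } else if (protocol == SSL_PROTOCOL_TLSV1_1) {
#ifdef SSL_OP_NO_TLSv1_1
        /* ... unchanged: TLSv1_1_*_method() chosen by mode ... */
#endif
    } else if (protocol == SSL_PROTOCOL_TLSV1) {
        /* ... unchanged: TLSv1_*_method() chosen by mode ... */
    } else if (protocol == SSL_PROTOCOL_SSLV3) {
        /* ... unchanged: SSLv3_*_method() chosen by mode ... */
#ifndef OPENSSL_NO_SSL2
    } else if (protocol == SSL_PROTOCOL_SSLV2) {
        /* ... unchanged: SSLv2_*_method() chosen by mode ... */
#endif
    } else if (protocol & (protocol - 1)) {
        /* More than one protocol bit is set: use the version-flexible
         * method and let the SSL_OP_NO_* masks applied afterwards
         * remove the protocols that were not requested. */
        if (mode == SSL_MODE_CLIENT)
            ctx = SSL_CTX_new(SSLv23_client_method());
        else if (mode == SSL_MODE_SERVER)
            ctx = SSL_CTX_new(SSLv23_server_method());
        else
            ctx = SSL_CTX_new(SSLv23_method());
    }
```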