
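--- a/native/include/ssl_private.h
+++ b/native/include/ssl_private.h
@@ -117,7 +117,9 @@
 #define SSL_PROTOCOL_SSLV2      (1<<0)
 #define SSL_PROTOCOL_SSLV3      (1<<1)
 #define SSL_PROTOCOL_TLSV1      (1<<2)
-#define SSL_PROTOCOL_ALL        (SSL_PROTOCOL_SSLV2|SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1)
+#define SSL_PROTOCOL_TLSV1_1    (1<<3)
+#define SSL_PROTOCOL_TLSV1_2    (1<<4)
+#define SSL_PROTOCOL_ALL        (SSL_PROTOCOL_SSLV2|SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1|SSL_PROTOCOL_TLSV1_1|SSL_PROTOCOL_TLSV1_2)
 
 #define SSL_MODE_CLIENT         (0)
 #define SSL_MODE_SERVER         (1)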
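Review bot: `SSL_PROTOCOL_TLSV1_1` and `SSL_PROTOCOL_TLSV1_2` are defined unconditionally and folded into `SSL_PROTOCOL_ALL`, but nothing in the header says that the code honouring them in ssl.c and sslcontext.c is compiled only when OpenSSL defines `SSL_OP_NO_TLSv1_1` / `SSL_OP_NO_TLSv1_2`. `SSL_PROTOCOL_ALL` also still carries `SSL_PROTOCOL_SSLV2` and `SSL_PROTOCOL_SSLV3`, so a caller passing ALL to get the new versions also asks for the legacy ones. A comment above the block would record both, for example `/* Bit mask of requested protocols. TLSV1_1/TLSV1_2 take effect only when the linked OpenSSL defines SSL_OP_NO_TLSv1_1/_2; ALL includes SSLv2 and SSLv3. */`.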
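--- a/native/src/ssl.c
+++ b/native/src/ssl.c
@@ -170,6 +170,14 @@
      | SSL_OP_NO_TLSv1
 #endif
 
+#ifdef SSL_OP_NO_TLSv1_1
+     | SSL_OP_NO_TLSv1_1
+#endif
+
+#ifdef SSL_OP_NO_TLSv1_2
+     | SSL_OP_NO_TLSv1_2
+#endif
+
 #ifdef SSL_OP_PKCS1_CHECK_1
      | SSL_OP_PKCS1_CHECK_1
 #endif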
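--- a/native/src/sslcontext.c
+++ b/native/src/sslcontext.c
@@ -71,43 +71,56 @@
     SSL_CTX *ctx = NULL;
     UNREFERENCED(o);
 
-    switch (protocol) {
-        case SSL_PROTOCOL_SSLV2:
-            if (mode == SSL_MODE_CLIENT)
-                ctx = SSL_CTX_new(SSLv2_client_method());
-            else if (mode == SSL_MODE_SERVER)
-                ctx = SSL_CTX_new(SSLv2_server_method());
-            else
-                ctx = SSL_CTX_new(SSLv2_method());
-        break;
-        case SSL_PROTOCOL_SSLV3:
-            if (mode == SSL_MODE_CLIENT)
-                ctx = SSL_CTX_new(SSLv3_client_method());
-            else if (mode == SSL_MODE_SERVER)
-                ctx = SSL_CTX_new(SSLv3_server_method());
-            else
-                ctx = SSL_CTX_new(SSLv3_method());
-        break;
-        case SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_SSLV3:
-        case SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_TLSV1:
-        case SSL_PROTOCOL_ALL:
-        case SSL_PROTOCOL_SSLV3 | SSL_PROTOCOL_TLSV1:
-            if (mode == SSL_MODE_CLIENT)
-                ctx = SSL_CTX_new(SSLv23_client_method());
-            else if (mode == SSL_MODE_SERVER)
-                ctx = SSL_CTX_new(SSLv23_server_method());
-            else
-                ctx = SSL_CTX_new(SSLv23_method());
-        break;
-        case SSL_PROTOCOL_TLSV1:
-            if (mode == SSL_MODE_CLIENT)
-                ctx = SSL_CTX_new(TLSv1_client_method());
-            else if (mode == SSL_MODE_SERVER)
-                ctx = SSL_CTX_new(TLSv1_server_method());
-            else
-                ctx = SSL_CTX_new(TLSv1_method());
-        break;
+    if (protocol & SSL_PROTOCOL_TLSV1_2) {
+#ifdef SSL_OP_NO_TLSv1_2
+        if (mode == SSL_MODE_CLIENT)
+            ctx = SSL_CTX_new(TLSv1_2_client_method());
+        else if (mode == SSL_MODE_SERVER)
+            ctx = SSL_CTX_new(TLSv1_2_server_method());
+        else
+            ctx = SSL_CTX_new(TLSv1_2_method());
+#endif
+    } else if (protocol & SSL_PROTOCOL_TLSV1_1) {
+#ifdef SSL_OP_NO_TLSv1_1
+        if (mode == SSL_MODE_CLIENT)
+            ctx = SSL_CTX_new(TLSv1_1_client_method());
+        else if (mode == SSL_MODE_SERVER)
+            ctx = SSL_CTX_new(TLSv1_1_server_method());
+        else
+            ctx = SSL_CTX_new(TLSv1_1_method());
+#endif
+    } else if (protocol & SSL_PROTOCOL_TLSV1) {
+        if (mode == SSL_MODE_CLIENT)
+            ctx = SSL_CTX_new(TLSv1_client_method());
+        else if (mode == SSL_MODE_SERVER)
+            ctx = SSL_CTX_new(TLSv1_server_method());
+        else
+            ctx = SSL_CTX_new(TLSv1_method());
+    } else if (protocol == SSL_PROTOCOL_SSLV3) {
+        if (mode == SSL_MODE_CLIENT)
+            ctx = SSL_CTX_new(SSLv3_client_method());
+        else if (mode == SSL_MODE_SERVER)
+            ctx = SSL_CTX_new(SSLv3_server_method());
+        else
+            ctx = SSL_CTX_new(SSLv3_method());
+    } else if (protocol == (SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_SSLV3)) {
+        if (mode == SSL_MODE_CLIENT)
+            ctx = SSL_CTX_new(SSLv23_client_method());
+        else if (mode == SSL_MODE_SERVER)
+            ctx = SSL_CTX_new(SSLv23_server_method());
+        else
+            ctx = SSL_CTX_new(SSLv23_method());
+#ifndef OPENSSL_NO_SSL2
+    } else if (protocol == SSL_PROTOCOL_SSLV2) {
+        if (mode == SSL_MODE_CLIENT)
+            ctx = SSL_CTX_new(SSLv2_client_method());
+        else if (mode == SSL_MODE_SERVER)
+            ctx = SSL_CTX_new(SSLv2_server_method());
+        else
+            ctx = SSL_CTX_new(SSLv2_method());
+#endif
     }
+
     if (!ctx) {
         char err[256];
         ERR_error_string(ERR_get_error(), err);
@@ -133,6 +146,14 @@
         SSL_CTX_set_options(c->ctx, SSL_OP_NO_SSLv3);
     if (!(protocol & SSL_PROTOCOL_TLSV1))
         SSL_CTX_set_options(c->ctx, SSL_OP_NO_TLSv1);
+#ifdef SSL_OP_NO_TLSv1_1
+    if (!(protocol & SSL_PROTOCOL_TLSV1_1))
+        SSL_CTX_set_options(c->ctx, SSL_OP_NO_TLSv1_1);
+#endif
+#ifdef SSL_OP_NO_TLSv1_2
+    if (!(protocol & SSL_PROTOCOL_TLSV1_2))
+        SSL_CTX_set_options(c->ctx, SSL_OP_NO_TLSv1_2);
+#endif
     /*
      * Configure additional context ingredients
      */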
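Review bot: In the first hunk the `#ifdef SSL_OP_NO_TLSv1_2` and `#ifdef SSL_OP_NO_TLSv1_1` guards sit inside their `if` branches rather than around the conditions. On a build where OpenSSL does not define those macros, any request containing either bit (including `SSL_PROTOCOL_ALL`, which now carries both) enters an empty branch, leaves `ctx` NULL and ends in the `if (!ctx)` error path. The chain also tests the TLS bits with `&` and then calls a version-specific method, so `SSL_PROTOCOL_ALL` or `SSL_PROTOCOL_TLSV1 | SSL_PROTOCOL_TLSV1_2` yields a context limited to the highest listed version, where the removed `switch` used the negotiating `SSLv23_*_method()` for combinations; the `SSL_OP_NO_*` calls in the second hunk can only narrow a negotiating method. I would match single versions with `==` and send every combination to the SSLv23 methods, as sketched below. The enclosing function starts and ends outside the hunk, so how `mode` is validated is not visible here.

```c
    if (protocol == SSL_PROTOCOL_TLSV1_2) {
#ifdef SSL_OP_NO_TLSv1_2
        /* … unchanged: TLSv1_2_*_method() selection by mode … */
#endif
    } else if (protocol == SSL_PROTOCOL_TLSV1_1) {
#ifdef SSL_OP_NO_TLSv1_1
        /* … unchanged: TLSv1_1_*_method() selection by mode … */
#endif
    } else if (protocol == SSL_PROTOCOL_TLSV1) {
        /* … unchanged: TLSv1_*_method() selection by mode … */
    } else if (protocol == SSL_PROTOCOL_SSLV3) {
        /* … unchanged: SSLv3_*_method() selection by mode … */
#ifndef OPENSSL_NO_SSL2
    } else if (protocol == SSL_PROTOCOL_SSLV2) {
        /* … unchanged: SSLv2_*_method() selection by mode … */
#endif
    } else {
        /* Any combination of versions: negotiate, and rely on the
         * SSL_OP_NO_* options set further down to remove the versions
         * that were not requested. */
        if (mode == SSL_MODE_CLIENT)
            ctx = SSL_CTX_new(SSLv23_client_method());
        else if (mode == SSL_MODE_SERVER)
            ctx = SSL_CTX_new(SSLv23_server_method());
        else
            ctx = SSL_CTX_new(SSLv23_method());
    }
```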
