
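--- a/native/include/ssl_private.h
+++ b/native/include/ssl_private.h
@@ -116,7 +116,9 @@
 #define SSL_PROTOCOL_SSLV2      (1<<0)
 #define SSL_PROTOCOL_SSLV3      (1<<1)
 #define SSL_PROTOCOL_TLSV1      (1<<2)
-#define SSL_PROTOCOL_ALL        (SSL_PROTOCOL_SSLV2|SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1)
+#define SSL_PROTOCOL_TLSV1_1    (1<<3)
+#define SSL_PROTOCOL_TLSV1_2    (1<<4)
+#define SSL_PROTOCOL_ALL        (SSL_PROTOCOL_SSLV2|SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1|SSL_PROTOCOL_TLSV1_1|SSL_PROTOCOL_TLSV1_2)
 
 #define SSL_MODE_CLIENT         (0)
 #define SSL_MODE_SERVER         (1)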
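Review bot: The new `SSL_PROTOCOL_TLSV1_1` and `SSL_PROTOCOL_TLSV1_2` bits are defined unconditionally, while the ssl.c and sslcontext.c changes in this patch act on them only when `SSL_OP_NO_TLSv1_1` / `SSL_OP_NO_TLSv1_2` exist, and nothing in the header tells a reader that. A comment above the block would close the gap, e.g. `/* Protocol selection bits; TLSV1_1 and TLSV1_2 are honoured only when OpenSSL defines SSL_OP_NO_TLSv1_1 / SSL_OP_NO_TLSv1_2 */`. `SSL_PROTOCOL_ALL` on the new line also still carries `SSL_PROTOCOL_SSLV2`; whether that remains the intended default is worth stating in the same comment.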
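--- a/native/src/ssl.c
+++ b/native/src/ssl.c
@@ -182,6 +182,14 @@
      | SSL_OP_NO_TLSv1
 #endif
 
+#ifdef SSL_OP_NO_TLSv1_1
+     | SSL_OP_NO_TLSv1_1
+#endif
+
+#ifdef SSL_OP_NO_TLSv1_2
+     | SSL_OP_NO_TLSv1_2
+#endif
+
 #ifdef SSL_OP_PKCS1_CHECK_1
      | SSL_OP_PKCS1_CHECK_1
 #endif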
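--- a/native/src/sslcontext.c
+++ b/native/src/sslcontext.c
@@ -71,43 +71,64 @@
     SSL_CTX *ctx = NULL;
     UNREFERENCED(o);
 
-    switch (protocol) {
-        case SSL_PROTOCOL_SSLV2:
-            if (mode == SSL_MODE_CLIENT)
-                ctx = SSL_CTX_new(SSLv2_client_method());
-            else if (mode == SSL_MODE_SERVER)
-                ctx = SSL_CTX_new(SSLv2_server_method());
-            else
-                ctx = SSL_CTX_new(SSLv2_method());
-        break;
-        case SSL_PROTOCOL_SSLV3:
-            if (mode == SSL_MODE_CLIENT)
-                ctx = SSL_CTX_new(SSLv3_client_method());
-            else if (mode == SSL_MODE_SERVER)
-                ctx = SSL_CTX_new(SSLv3_server_method());
-            else
-                ctx = SSL_CTX_new(SSLv3_method());
-        break;
-        case SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_SSLV3:
-        case SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_TLSV1:
-        case SSL_PROTOCOL_ALL:
-        case SSL_PROTOCOL_SSLV3 | SSL_PROTOCOL_TLSV1:
-            if (mode == SSL_MODE_CLIENT)
-                ctx = SSL_CTX_new(SSLv23_client_method());
-            else if (mode == SSL_MODE_SERVER)
-                ctx = SSL_CTX_new(SSLv23_server_method());
-            else
-                ctx = SSL_CTX_new(SSLv23_method());
-        break;
-        case SSL_PROTOCOL_TLSV1:
-            if (mode == SSL_MODE_CLIENT)
-                ctx = SSL_CTX_new(TLSv1_client_method());
-            else if (mode == SSL_MODE_SERVER)
-                ctx = SSL_CTX_new(TLSv1_server_method());
-            else
-                ctx = SSL_CTX_new(TLSv1_method());
-        break;
+    if (protocol == SSL_PROTOCOL_TLSV1_2) {
+#ifdef SSL_OP_NO_TLSv1_2
+        if (mode == SSL_MODE_CLIENT)
+            ctx = SSL_CTX_new(TLSv1_2_client_method());
+        else if (mode == SSL_MODE_SERVER)
+            ctx = SSL_CTX_new(TLSv1_2_server_method());
+        else
+            ctx = SSL_CTX_new(TLSv1_2_method());
+#endif
+    } else if (protocol == SSL_PROTOCOL_TLSV1_1) {
+#ifdef SSL_OP_NO_TLSv1_1
+        if (mode == SSL_MODE_CLIENT)
+            ctx = SSL_CTX_new(TLSv1_1_client_method());
+        else if (mode == SSL_MODE_SERVER)
+            ctx = SSL_CTX_new(TLSv1_1_server_method());
+        else
+            ctx = SSL_CTX_new(TLSv1_1_method());
+#endif
+    } else if (protocol == SSL_PROTOCOL_TLSV1) {
+        if (mode == SSL_MODE_CLIENT)
+            ctx = SSL_CTX_new(TLSv1_client_method());
+        else if (mode == SSL_MODE_SERVER)
+            ctx = SSL_CTX_new(TLSv1_server_method());
+        else
+            ctx = SSL_CTX_new(TLSv1_method());
+    } else if (protocol == SSL_PROTOCOL_SSLV3) {
+        if (mode == SSL_MODE_CLIENT)
+            ctx = SSL_CTX_new(SSLv3_client_method());
+        else if (mode == SSL_MODE_SERVER)
+            ctx = SSL_CTX_new(SSLv3_server_method());
+        else
+            ctx = SSL_CTX_new(SSLv3_method());
+#ifndef OPENSSL_NO_SSL2
+    } else if (protocol == SSL_PROTOCOL_SSLV2) {
+        if (mode == SSL_MODE_CLIENT)
+            ctx = SSL_CTX_new(SSLv2_client_method());
+        else if (mode == SSL_MODE_SERVER)
+            ctx = SSL_CTX_new(SSLv2_server_method());
+        else
+            ctx = SSL_CTX_new(SSLv2_method());
+#endif
+#ifndef SSL_OP_NO_TLSv1_2
+    } else if (protocol & SSL_PROTOCOL_TLSV1_2) {
+        /* requested but not supported */
+#endif
+#ifndef SSL_OP_NO_TLSv1_1
+    } else if (protocol & SSL_PROTOCOL_TLSV1_1) {
+        /* requested but not supported */
+#endif
+    } else {
+        if (mode == SSL_MODE_CLIENT)
+            ctx = SSL_CTX_new(SSLv23_client_method());
+        else if (mode == SSL_MODE_SERVER)
+            ctx = SSL_CTX_new(SSLv23_server_method());
+        else
+            ctx = SSL_CTX_new(SSLv23_method());
     }
+
     if (!ctx) {
         char err[256];
         ERR_error_string(ERR_get_error(), err);
@@ -133,6 +154,14 @@
         SSL_CTX_set_options(c->ctx, SSL_OP_NO_SSLv3);
     if (!(protocol & SSL_PROTOCOL_TLSV1))
         SSL_CTX_set_options(c->ctx, SSL_OP_NO_TLSv1);
+#ifdef SSL_OP_NO_TLSv1_1
+    if (!(protocol & SSL_PROTOCOL_TLSV1_1))
+        SSL_CTX_set_options(c->ctx, SSL_OP_NO_TLSv1_1);
+#endif
+#ifdef SSL_OP_NO_TLSv1_2
+    if (!(protocol & SSL_PROTOCOL_TLSV1_2))
+        SSL_CTX_set_options(c->ctx, SSL_OP_NO_TLSv1_2);
+#endif
     /*
      * Configure additional context ingredients
      */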
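Review bot: On a build whose OpenSSL headers lack `SSL_OP_NO_TLSv1_2` or `SSL_OP_NO_TLSv1_1`, the two `/* requested but not supported */` branches (new lines 116 and 120) catch every combined mask that carries those bits, including `SSL_PROTOCOL_ALL` as widened in ssl_private.h, so `ctx` stays NULL and a request that the removed `case SSL_PROTOCOL_ALL:` sent to the SSLv23 methods now appears to fail at context creation. If failing is meant only for an explicit request, the test could exclude the catch-all mask, e.g. `} else if ((protocol & SSL_PROTOCOL_TLSV1_2) && protocol != SSL_PROTOCOL_ALL) {` and likewise for `SSL_PROTOCOL_TLSV1_1`, which leaves `SSL_PROTOCOL_ALL` on the SSLv23 path. The `if (!ctx)` path that follows reads `ERR_get_error()`, but no OpenSSL call has failed in this case, so the reported string will not say that the protocol is unsupported; a dedicated message there would tell an operator what to fix. The enclosing function starts and ends outside the hunk.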
