View | Details | Raw Unified | Return to bug 53952
Collapse All | Expand All

(-)native/include/ssl_private.h (-1 / +3 lines)
Lines 116-122 Link Here
116
#define SSL_PROTOCOL_SSLV2      (1<<0)
116
#define SSL_PROTOCOL_SSLV2      (1<<0)
117
#define SSL_PROTOCOL_SSLV3      (1<<1)
117
#define SSL_PROTOCOL_SSLV3      (1<<1)
118
#define SSL_PROTOCOL_TLSV1      (1<<2)
118
#define SSL_PROTOCOL_TLSV1      (1<<2)
119
#define SSL_PROTOCOL_ALL        (SSL_PROTOCOL_SSLV2|SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1)
119
#define SSL_PROTOCOL_TLSV1_1    (1<<3)
120
#define SSL_PROTOCOL_TLSV1_2    (1<<4)
121
#define SSL_PROTOCOL_ALL        (SSL_PROTOCOL_SSLV2|SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1|SSL_PROTOCOL_TLSV1_1|SSL_PROTOCOL_TLSV1_2)
120
122
121
#define SSL_MODE_CLIENT         (0)
123
#define SSL_MODE_CLIENT         (0)
122
#define SSL_MODE_SERVER         (1)
124
#define SSL_MODE_SERVER         (1)
(-)native/src/ssl.c (+8 lines)
Lines 182-187 Link Here
182
     | SSL_OP_NO_TLSv1
182
     | SSL_OP_NO_TLSv1
183
#endif
183
#endif
184
184
185
#ifdef SSL_OP_NO_TLSv1_1
186
     | SSL_OP_NO_TLSv1_1
187
#endif
188
189
#ifdef SSL_OP_NO_TLSv1_2
190
     | SSL_OP_NO_TLSv1_2
191
#endif
192
185
#ifdef SSL_OP_SINGLE_DH_USE
193
#ifdef SSL_OP_SINGLE_DH_USE
186
     | SSL_OP_SINGLE_DH_USE
194
     | SSL_OP_SINGLE_DH_USE
187
#endif
195
#endif
(-)native/src/sslcontext.c (-36 / +65 lines)
Lines 71-113 Link Here
71
    SSL_CTX *ctx = NULL;
71
    SSL_CTX *ctx = NULL;
72
    UNREFERENCED(o);
72
    UNREFERENCED(o);
73
73
74
    switch (protocol) {
74
    if (protocol == SSL_PROTOCOL_TLSV1_2) {
75
        case SSL_PROTOCOL_SSLV2:
75
#ifdef SSL_OP_NO_TLSv1_2
76
            if (mode == SSL_MODE_CLIENT)
76
        if (mode == SSL_MODE_CLIENT)
77
                ctx = SSL_CTX_new(SSLv2_client_method());
77
            ctx = SSL_CTX_new(TLSv1_2_client_method());
78
            else if (mode == SSL_MODE_SERVER)
78
        else if (mode == SSL_MODE_SERVER)
79
                ctx = SSL_CTX_new(SSLv2_server_method());
79
            ctx = SSL_CTX_new(TLSv1_2_server_method());
80
            else
80
        else
81
                ctx = SSL_CTX_new(SSLv2_method());
81
            ctx = SSL_CTX_new(TLSv1_2_method());
82
        break;
82
#endif
83
        case SSL_PROTOCOL_SSLV3:
83
    } else if (protocol == SSL_PROTOCOL_TLSV1_1) {
84
            if (mode == SSL_MODE_CLIENT)
84
#ifdef SSL_OP_NO_TLSv1_1
85
                ctx = SSL_CTX_new(SSLv3_client_method());
85
        if (mode == SSL_MODE_CLIENT)
86
            else if (mode == SSL_MODE_SERVER)
86
            ctx = SSL_CTX_new(TLSv1_1_client_method());
87
                ctx = SSL_CTX_new(SSLv3_server_method());
87
        else if (mode == SSL_MODE_SERVER)
88
            else
88
            ctx = SSL_CTX_new(TLSv1_1_server_method());
89
                ctx = SSL_CTX_new(SSLv3_method());
89
        else
90
        break;
90
            ctx = SSL_CTX_new(TLSv1_1_method());
91
        case SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_SSLV3:
91
#endif
92
        case SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_TLSV1:
92
    } else if (protocol == SSL_PROTOCOL_TLSV1) {
93
        case SSL_PROTOCOL_ALL:
93
        if (mode == SSL_MODE_CLIENT)
94
        case SSL_PROTOCOL_SSLV3 | SSL_PROTOCOL_TLSV1:
94
            ctx = SSL_CTX_new(TLSv1_client_method());
95
            if (mode == SSL_MODE_CLIENT)
95
        else if (mode == SSL_MODE_SERVER)
96
                ctx = SSL_CTX_new(SSLv23_client_method());
96
            ctx = SSL_CTX_new(TLSv1_server_method());
97
            else if (mode == SSL_MODE_SERVER)
97
        else
98
                ctx = SSL_CTX_new(SSLv23_server_method());
98
            ctx = SSL_CTX_new(TLSv1_method());
99
            else
99
    } else if (protocol == SSL_PROTOCOL_SSLV3) {
100
                ctx = SSL_CTX_new(SSLv23_method());
100
        if (mode == SSL_MODE_CLIENT)
101
        break;
101
            ctx = SSL_CTX_new(SSLv3_client_method());
102
        case SSL_PROTOCOL_TLSV1:
102
        else if (mode == SSL_MODE_SERVER)
103
            if (mode == SSL_MODE_CLIENT)
103
            ctx = SSL_CTX_new(SSLv3_server_method());
104
                ctx = SSL_CTX_new(TLSv1_client_method());
104
        else
105
            else if (mode == SSL_MODE_SERVER)
105
            ctx = SSL_CTX_new(SSLv3_method());
106
                ctx = SSL_CTX_new(TLSv1_server_method());
106
#ifndef OPENSSL_NO_SSL2
107
            else
107
    } else if (protocol == SSL_PROTOCOL_SSLV2) {
108
                ctx = SSL_CTX_new(TLSv1_method());
108
        if (mode == SSL_MODE_CLIENT)
109
        break;
109
            ctx = SSL_CTX_new(SSLv2_client_method());
110
        else if (mode == SSL_MODE_SERVER)
111
            ctx = SSL_CTX_new(SSLv2_server_method());
112
        else
113
            ctx = SSL_CTX_new(SSLv2_method());
114
#endif
115
#ifndef SSL_OP_NO_TLSv1_2
116
    } else if (protocol & SSL_PROTOCOL_TLSV1_2) {
117
        /* requested but not supported */
118
#endif
119
#ifndef SSL_OP_NO_TLSv1_1
120
    } else if (protocol & SSL_PROTOCOL_TLSV1_1) {
121
        /* requested but not supported */
122
#endif
123
    } else {
124
        if (mode == SSL_MODE_CLIENT)
125
            ctx = SSL_CTX_new(SSLv23_client_method());
126
        else if (mode == SSL_MODE_SERVER)
127
            ctx = SSL_CTX_new(SSLv23_server_method());
128
        else
129
            ctx = SSL_CTX_new(SSLv23_method());
110
    }
130
    }
131
111
    if (!ctx) {
132
    if (!ctx) {
112
        char err[256];
133
        char err[256];
113
        ERR_error_string(ERR_get_error(), err);
134
        ERR_error_string(ERR_get_error(), err);
Lines 133-138 Link Here
133
        SSL_CTX_set_options(c->ctx, SSL_OP_NO_SSLv3);
154
        SSL_CTX_set_options(c->ctx, SSL_OP_NO_SSLv3);
134
    if (!(protocol & SSL_PROTOCOL_TLSV1))
155
    if (!(protocol & SSL_PROTOCOL_TLSV1))
135
        SSL_CTX_set_options(c->ctx, SSL_OP_NO_TLSv1);
156
        SSL_CTX_set_options(c->ctx, SSL_OP_NO_TLSv1);
157
#ifdef SSL_OP_NO_TLSv1_1
158
    if (!(protocol & SSL_PROTOCOL_TLSV1_1))
159
        SSL_CTX_set_options(c->ctx, SSL_OP_NO_TLSv1_1);
160
#endif
161
#ifdef SSL_OP_NO_TLSv1_2
162
    if (!(protocol & SSL_PROTOCOL_TLSV1_2))
163
        SSL_CTX_set_options(c->ctx, SSL_OP_NO_TLSv1_2);
164
#endif
136
    /*
165
    /*
137
     * Configure additional context ingredients
166
     * Configure additional context ingredients
138
     */
167
     */

Return to bug 53952