[patch] Patch for tomcat native adding support for newer TLS versions

2-tcnative-1.1.x-add-tls1_1_and_1_2.patch (text/plain), 5.53 KB, created by Marcel Šebek on 2013-04-04 21:05:19 UTC

(hide)

Description: Patch for tomcat native adding support for newer TLS versions

Filename:

MIME Type:

Creator: Marcel Šebek

Created: 2013-04-04 21:05:19 UTC

Size: 5.53 KB

patch

obsolete

>Index: native/include/ssl_private.h >=================================================================== >--- native/include/ssl_private.h (revision 1461840) >+++ native/include/ssl_private.h (working copy) >@@ -116,7 +116,9 @@ > #define SSL_PROTOCOL_SSLV2 (1<<0) > #define SSL_PROTOCOL_SSLV3 (1<<1) > #define SSL_PROTOCOL_TLSV1 (1<<2) >-#define SSL_PROTOCOL_ALL (SSL_PROTOCOL_SSLV2|SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1) >+#define SSL_PROTOCOL_TLSV1_1 (1<<3) >+#define SSL_PROTOCOL_TLSV1_2 (1<<4) >+#define SSL_PROTOCOL_ALL (SSL_PROTOCOL_SSLV2|SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1|SSL_PROTOCOL_TLSV1_1|SSL_PROTOCOL_TLSV1_2) > > #define SSL_MODE_CLIENT (0) > #define SSL_MODE_SERVER (1) >Index: native/src/ssl.c >=================================================================== >--- native/src/ssl.c (revision 1461840) >+++ native/src/ssl.c (working copy) >@@ -182,6 +182,14 @@ > | SSL_OP_NO_TLSv1 > #endif > >+#ifdef SSL_OP_NO_TLSv1_1 >+ | SSL_OP_NO_TLSv1_1 >+#endif >+ >+#ifdef SSL_OP_NO_TLSv1_2 >+ | SSL_OP_NO_TLSv1_2 >+#endif >+ > #ifdef SSL_OP_SINGLE_DH_USE > | SSL_OP_SINGLE_DH_USE > #endif >Index: native/src/sslcontext.c >=================================================================== >--- native/src/sslcontext.c (revision 1461840) >+++ native/src/sslcontext.c (working copy) >@@ -71,43 +71,64 @@ > SSL_CTX *ctx = NULL; > UNREFERENCED(o); > >- switch (protocol) { >- case SSL_PROTOCOL_SSLV2: >- if (mode == SSL_MODE_CLIENT) >- ctx = SSL_CTX_new(SSLv2_client_method()); >- else if (mode == SSL_MODE_SERVER) >- ctx = SSL_CTX_new(SSLv2_server_method()); >- else >- ctx = SSL_CTX_new(SSLv2_method()); >- break; >- case SSL_PROTOCOL_SSLV3: >- if (mode == SSL_MODE_CLIENT) >- ctx = SSL_CTX_new(SSLv3_client_method()); >- else if (mode == SSL_MODE_SERVER) >- ctx = SSL_CTX_new(SSLv3_server_method()); >- else >- ctx = SSL_CTX_new(SSLv3_method()); >- break; >- case SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_SSLV3: >- case SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_TLSV1: >- case SSL_PROTOCOL_ALL: >- case SSL_PROTOCOL_SSLV3 | SSL_PROTOCOL_TLSV1: >- if (mode == SSL_MODE_CLIENT) >- ctx = SSL_CTX_new(SSLv23_client_method()); >- else if (mode == SSL_MODE_SERVER) >- ctx = SSL_CTX_new(SSLv23_server_method()); >- else >- ctx = SSL_CTX_new(SSLv23_method()); >- break; >- case SSL_PROTOCOL_TLSV1: >- if (mode == SSL_MODE_CLIENT) >- ctx = SSL_CTX_new(TLSv1_client_method()); >- else if (mode == SSL_MODE_SERVER) >- ctx = SSL_CTX_new(TLSv1_server_method()); >- else >- ctx = SSL_CTX_new(TLSv1_method()); >- break; >+ if (protocol == SSL_PROTOCOL_TLSV1_2) { >+#ifdef SSL_OP_NO_TLSv1_2 >+ if (mode == SSL_MODE_CLIENT) >+ ctx = SSL_CTX_new(TLSv1_2_client_method()); >+ else if (mode == SSL_MODE_SERVER) >+ ctx = SSL_CTX_new(TLSv1_2_server_method()); >+ else >+ ctx = SSL_CTX_new(TLSv1_2_method()); >+#endif >+ } else if (protocol == SSL_PROTOCOL_TLSV1_1) { >+#ifdef SSL_OP_NO_TLSv1_1 >+ if (mode == SSL_MODE_CLIENT) >+ ctx = SSL_CTX_new(TLSv1_1_client_method()); >+ else if (mode == SSL_MODE_SERVER) >+ ctx = SSL_CTX_new(TLSv1_1_server_method()); >+ else >+ ctx = SSL_CTX_new(TLSv1_1_method()); >+#endif >+ } else if (protocol == SSL_PROTOCOL_TLSV1) { >+ if (mode == SSL_MODE_CLIENT) >+ ctx = SSL_CTX_new(TLSv1_client_method()); >+ else if (mode == SSL_MODE_SERVER) >+ ctx = SSL_CTX_new(TLSv1_server_method()); >+ else >+ ctx = SSL_CTX_new(TLSv1_method()); >+ } else if (protocol == SSL_PROTOCOL_SSLV3) { >+ if (mode == SSL_MODE_CLIENT) >+ ctx = SSL_CTX_new(SSLv3_client_method()); >+ else if (mode == SSL_MODE_SERVER) >+ ctx = SSL_CTX_new(SSLv3_server_method()); >+ else >+ ctx = SSL_CTX_new(SSLv3_method()); >+#ifndef OPENSSL_NO_SSL2 >+ } else if (protocol == SSL_PROTOCOL_SSLV2) { >+ if (mode == SSL_MODE_CLIENT) >+ ctx = SSL_CTX_new(SSLv2_client_method()); >+ else if (mode == SSL_MODE_SERVER) >+ ctx = SSL_CTX_new(SSLv2_server_method()); >+ else >+ ctx = SSL_CTX_new(SSLv2_method()); >+#endif >+#ifndef SSL_OP_NO_TLSv1_2 >+ } else if (protocol & SSL_PROTOCOL_TLSV1_2) { >+ /* requested but not supported */ >+#endif >+#ifndef SSL_OP_NO_TLSv1_1 >+ } else if (protocol & SSL_PROTOCOL_TLSV1_1) { >+ /* requested but not supported */ >+#endif >+ } else { >+ if (mode == SSL_MODE_CLIENT) >+ ctx = SSL_CTX_new(SSLv23_client_method()); >+ else if (mode == SSL_MODE_SERVER) >+ ctx = SSL_CTX_new(SSLv23_server_method()); >+ else >+ ctx = SSL_CTX_new(SSLv23_method()); > } >+ > if (!ctx) { > char err[256]; > ERR_error_string(ERR_get_error(), err); >@@ -133,6 +154,14 @@ > SSL_CTX_set_options(c->ctx, SSL_OP_NO_SSLv3); > if (!(protocol & SSL_PROTOCOL_TLSV1)) > SSL_CTX_set_options(c->ctx, SSL_OP_NO_TLSv1); >+#ifdef SSL_OP_NO_TLSv1_1 >+ if (!(protocol & SSL_PROTOCOL_TLSV1_1)) >+ SSL_CTX_set_options(c->ctx, SSL_OP_NO_TLSv1_1); >+#endif >+#ifdef SSL_OP_NO_TLSv1_2 >+ if (!(protocol & SSL_PROTOCOL_TLSV1_2)) >+ SSL_CTX_set_options(c->ctx, SSL_OP_NO_TLSv1_2); >+#endif > /* > * Configure additional context ingredients > */ View Attachment As Diff View Attachment As Raw

This is ASF Bugzilla: the Apache Software Foundation bug system. In case of problems with the functioning of ASF Bugzilla, please contact bugzilla-admin@apache.org. Please Note: this e-mail address is only for reporting problems with ASF Bugzilla. Mail about any other subject will be silently ignored.

• • Home
  • | New
  • | Browse
  • | Search
  • |
    [?]
  • | Reports
  • | Help
  • | New Account
  • | Log In
    Remember [x]
  • | Forgot Password
    Login: [x]