ASF Bugzilla – Attachment 30150 Details for
Bug 53952
Add support for TLS 1.1 and 1.2
[patch]
Patch for tomcat native adding support for newer TLS versions
2-tcnative-1.1.x-add-tls1_1_and_1_2.patch (text/plain), 5.53 KB, created by
Marcel Šebek
on 2013-04-04 21:05:19 UTC
Description:
Patch for tomcat native adding support for newer TLS versions
Filename:
MIME Type:
Creator:
Marcel Šebek
Created:
2013-04-04 21:05:19 UTC
Size:
5.53 KB
>Index: native/include/ssl_private.h
>===================================================================
>--- native/include/ssl_private.h (revision 1461840)
>+++ native/include/ssl_private.h (working copy)
>@@ -116,7 +116,9 @@
> #define SSL_PROTOCOL_SSLV2 (1<<0)
> #define SSL_PROTOCOL_SSLV3 (1<<1)
> #define SSL_PROTOCOL_TLSV1 (1<<2)
>-#define SSL_PROTOCOL_ALL (SSL_PROTOCOL_SSLV2|SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1)
>+#define SSL_PROTOCOL_TLSV1_1 (1<<3)
>+#define SSL_PROTOCOL_TLSV1_2 (1<<4)
>+#define SSL_PROTOCOL_ALL (SSL_PROTOCOL_SSLV2|SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1|SSL_PROTOCOL_TLSV1_1|SSL_PROTOCOL_TLSV1_2)
> 
> #define SSL_MODE_CLIENT (0)
> #define SSL_MODE_SERVER (1)
>Index: native/src/ssl.c
>===================================================================
>--- native/src/ssl.c (revision 1461840)
>+++ native/src/ssl.c (working copy)
>@@ -182,6 +182,14 @@
> | SSL_OP_NO_TLSv1
> #endif
> 
>+#ifdef SSL_OP_NO_TLSv1_1
>+ | SSL_OP_NO_TLSv1_1
>+#endif
>+
>+#ifdef SSL_OP_NO_TLSv1_2
>+ | SSL_OP_NO_TLSv1_2
>+#endif
>+
> #ifdef SSL_OP_SINGLE_DH_USE
> | SSL_OP_SINGLE_DH_USE
> #endif
>Index: native/src/sslcontext.c
>===================================================================
>--- native/src/sslcontext.c (revision 1461840)
>+++ native/src/sslcontext.c (working copy)
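Review bot: `SSL_PROTOCOL_ALL` in the ssl_private.h hunk now carries the TLSv1.1 and TLSv1.2 bits unconditionally, while the sslcontext.c hunk at `@@ -71,43 +71,64 @@` compiles in `else if (protocol & SSL_PROTOCOL_TLSV1_2) { /* requested but not supported */ }` whenever `SSL_OP_NO_TLSv1_2` is absent, and that branch leaves `ctx` NULL. A caller that passes `SSL_PROTOCOL_ALL` on a build against an older OpenSSL, and previously got an SSLv23 context, would therefore appear to fail context creation after this patch. Consider composing `SSL_PROTOCOL_ALL` only from the bits the headers support, for example appending `|SSL_PROTOCOL_TLSV1_1` and `|SSL_PROTOCOL_TLSV1_2` under `#ifdef SSL_OP_NO_TLSv1_1` / `#ifdef SSL_OP_NO_TLSv1_2`. This assumes the OpenSSL headers are already included above this point in ssl_private.h, which the hunk does not show.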
>@@ -71,43 +71,64 @@
> SSL_CTX *ctx = NULL;
> UNREFERENCED(o);
> 
>- switch (protocol) {
>- case SSL_PROTOCOL_SSLV2:
>- if (mode == SSL_MODE_CLIENT)
>- ctx = SSL_CTX_new(SSLv2_client_method());
>- else if (mode == SSL_MODE_SERVER)
>- ctx = SSL_CTX_new(SSLv2_server_method());
>- else
>- ctx = SSL_CTX_new(SSLv2_method());
>- break;
>- case SSL_PROTOCOL_SSLV3:
>- if (mode == SSL_MODE_CLIENT)
>- ctx = SSL_CTX_new(SSLv3_client_method());
>- else if (mode == SSL_MODE_SERVER)
>- ctx = SSL_CTX_new(SSLv3_server_method());
>- else
>- ctx = SSL_CTX_new(SSLv3_method());
>- break;
>- case SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_SSLV3:
>- case SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_TLSV1:
>- case SSL_PROTOCOL_ALL:
>- case SSL_PROTOCOL_SSLV3 | SSL_PROTOCOL_TLSV1:
>- if (mode == SSL_MODE_CLIENT)
>- ctx = SSL_CTX_new(SSLv23_client_method());
>- else if (mode == SSL_MODE_SERVER)
>- ctx = SSL_CTX_new(SSLv23_server_method());
>- else
>- ctx = SSL_CTX_new(SSLv23_method());
>- break;
>- case SSL_PROTOCOL_TLSV1:
>- if (mode == SSL_MODE_CLIENT)
>- ctx = SSL_CTX_new(TLSv1_client_method());
>- else if (mode == SSL_MODE_SERVER)
>- ctx = SSL_CTX_new(TLSv1_server_method());
>- else
>- ctx = SSL_CTX_new(TLSv1_method());
>- break;
>+ if (protocol == SSL_PROTOCOL_TLSV1_2) {
>+#ifdef SSL_OP_NO_TLSv1_2
>+ if (mode == SSL_MODE_CLIENT)
>+ ctx = SSL_CTX_new(TLSv1_2_client_method());
>+ else if (mode == SSL_MODE_SERVER)
>+ ctx = SSL_CTX_new(TLSv1_2_server_method());
>+ else
>+ ctx = SSL_CTX_new(TLSv1_2_method());
>+#endif
>+ } else if (protocol == SSL_PROTOCOL_TLSV1_1) {
>+#ifdef SSL_OP_NO_TLSv1_1
>+ if (mode == SSL_MODE_CLIENT)
>+ ctx = SSL_CTX_new(TLSv1_1_client_method());
>+ else if (mode == SSL_MODE_SERVER)
>+ ctx = SSL_CTX_new(TLSv1_1_server_method());
>+ else
>+ ctx = SSL_CTX_new(TLSv1_1_method());
>+#endif
>+ } else if (protocol == SSL_PROTOCOL_TLSV1) {
>+ if (mode == SSL_MODE_CLIENT)
>+ ctx = SSL_CTX_new(TLSv1_client_method());
>+ else if (mode == SSL_MODE_SERVER)
>+ ctx = SSL_CTX_new(TLSv1_server_method());
>+ else
>+ ctx = SSL_CTX_new(TLSv1_method());
>+ } else if (protocol == SSL_PROTOCOL_SSLV3) {
>+ if (mode == SSL_MODE_CLIENT)
>+ ctx = SSL_CTX_new(SSLv3_client_method());
>+ else if (mode == SSL_MODE_SERVER)
>+ ctx = SSL_CTX_new(SSLv3_server_method());
>+ else
>+ ctx = SSL_CTX_new(SSLv3_method());
>+#ifndef OPENSSL_NO_SSL2
>+ } else if (protocol == SSL_PROTOCOL_SSLV2) {
>+ if (mode == SSL_MODE_CLIENT)
>+ ctx = SSL_CTX_new(SSLv2_client_method());
>+ else if (mode == SSL_MODE_SERVER)
>+ ctx = SSL_CTX_new(SSLv2_server_method());
>+ else
>+ ctx = SSL_CTX_new(SSLv2_method());
>+#endif
>+#ifndef SSL_OP_NO_TLSv1_2
>+ } else if (protocol & SSL_PROTOCOL_TLSV1_2) {
>+ /* requested but not supported */
>+#endif
>+#ifndef SSL_OP_NO_TLSv1_1
>+ } else if (protocol & SSL_PROTOCOL_TLSV1_1) {
>+ /* requested but not supported */
>+#endif
>+ } else {
>+ if (mode == SSL_MODE_CLIENT)
>+ ctx = SSL_CTX_new(SSLv23_client_method());
>+ else if (mode == SSL_MODE_SERVER)
>+ ctx = SSL_CTX_new(SSLv23_server_method());
>+ else
>+ ctx = SSL_CTX_new(SSLv23_method());
> }
>+
> if (!ctx) {
> char err[256];
> ERR_error_string(ERR_get_error(), err);
>@@ -133,6 +154,14 @@
> SSL_CTX_set_options(c->ctx, SSL_OP_NO_SSLv3);
> if (!(protocol & SSL_PROTOCOL_TLSV1))
> SSL_CTX_set_options(c->ctx, SSL_OP_NO_TLSv1);
>+#ifdef SSL_OP_NO_TLSv1_1
>+ if (!(protocol & SSL_PROTOCOL_TLSV1_1))
>+ SSL_CTX_set_options(c->ctx, SSL_OP_NO_TLSv1_1);
>+#endif
>+#ifdef SSL_OP_NO_TLSv1_2
>+ if (!(protocol & SSL_PROTOCOL_TLSV1_2))
>+ SSL_CTX_set_options(c->ctx, SSL_OP_NO_TLSv1_2);
>+#endif
> /*
> * Configure additional context ingredients
> */
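Review bot: In the `@@ -71,43 +71,64 @@` hunk, every "not supported" path leaves `ctx` NULL without any OpenSSL call having failed: the two `/* requested but not supported */` branches, and the `protocol == SSL_PROTOCOL_TLSV1_2` / `SSL_PROTOCOL_TLSV1_1` branches when their `#ifdef` body is compiled out. The following `if (!ctx)` then calls `ERR_error_string(ERR_get_error(), err)` on an empty error queue, so the message formats error code 0 and gives the operator no hint that the requested TLS version is missing from this build. Record the cause in those branches, e.g. `proto_unsupported = 1;`, and in `if (!ctx)` use a fixed "protocol not supported by this OpenSSL build" string when the flag is set instead of reading the error queue. Separately, with `OPENSSL_NO_SSL2` defined an SSLv2-only request falls through to the final `else` and gets an SSLv23 context, on which the `@@ -133,6 +154,14 @@` hunk then sets every visible `SSL_OP_NO_*` flag; rejecting that request explicitly would be clearer than a context that cannot negotiate anything. The `if (!ctx)` block continues outside the hunk, so how the error reaches the caller is not visible here.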