
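--- a/native/include/ssl_private.h
+++ b/native/include/ssl_private.h
@@ -84,6 +84,7 @@
 #define SSL_PROTOCOL_TLSV1      (1<<2)
 #define SSL_PROTOCOL_TLSV1_1    (1<<3)
 #define SSL_PROTOCOL_TLSV1_2    (1<<4)
+#define SSL_PROTOCOL_TLSV1_3    (1<<5)
 
 #define SSL_MODE_CLIENT         (0)
 #define SSL_MODE_SERVER         (1)
@@ -180,6 +181,10 @@
 #define HAVE_TLSV1_2
 #endif
 
+#if defined(SSL_OP_NO_TLSv1_3)
+#define HAVE_TLSV1_3
+#endif
+
 /* Check for SSL_CONF support */
 #if defined(SSL_CONF_FLAG_FILE)
 #define HAVE_SSL_CONF_CMD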
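Review bot: The new `SSL_PROTOCOL_TLSV1_3` bit is only useful if every place that combines protocol bits knows about it, and no combined all-protocols mask appears in these hunks. If such a mask exists elsewhere in the header and is not extended, the `!(protocol & SSL_PROTOCOL_TLSV1_3)` test in sslcontext.c would set `SSL_OP_NO_TLSv1_3` for callers that pass the mask, disabling TLS 1.3 without any error. `HAVE_TLSV1_3` is also keyed on `SSL_OP_NO_TLSv1_3` alone while sslcontext.c uses `TLS1_3_VERSION` under the same macro; a short comment above the `#if`, for example `/* TLS 1.3: assumes SSL_OP_NO_TLSv1_3 and TLS1_3_VERSION come from the same OpenSSL headers */`, would record that assumption.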
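--- a/native/src/sslcontext.c
+++ b/native/src/sslcontext.c
@@ -152,7 +152,19 @@
     }
 
 #if OPENSSL_VERSION_NUMBER < 0x10100000L
-    if (protocol == SSL_PROTOCOL_TLSV1_2) {
+    if (protocol == SSL_PROTOCOL_TLSV1_3) {
+#ifdef HAVE_TLSV1_3
+        if (mode == SSL_MODE_CLIENT)
+            ctx = SSL_CTX_new(TLSv1_3_client_method());
+        else if (mode == SSL_MODE_SERVER)
+            ctx = SSL_CTX_new(TLSv1_3_server_method());
+        else
+            ctx = SSL_CTX_new(TLSv1_3_method());
+#else
+        tcn_Throw(e, "TLSv1.3 requested but not supported by this version of OpenSSL");
+        goto init_failed;
+#endif
+    } else if (protocol == SSL_PROTOCOL_TLSV1_2) {
 #ifdef HAVE_TLSV1_2
         if (mode == SSL_MODE_CLIENT)
             ctx = SSL_CTX_new(TLSv1_2_client_method());
@@ -241,9 +253,19 @@
     if (!(protocol & SSL_PROTOCOL_TLSV1_2))
         SSL_CTX_set_options(c->ctx, SSL_OP_NO_TLSv1_2);
 #endif
+#ifdef HAVE_TLSV1_3
+    if (!(protocol & SSL_PROTOCOL_TLSV1_3))
+        SSL_CTX_set_options(c->ctx, SSL_OP_NO_TLSv1_3);
+#endif
 
 #else /* if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) */
     /* We first determine the maximum protocol version we should provide */
+#ifdef HAVE_TLSV1_3
+    if (protocol & SSL_PROTOCOL_TLSV1_3) {
+        prot = TLS1_3_VERSION;
+    } else
+/* NOTE the dangling else above: take care to preserve it */
+#endif
     if (protocol & SSL_PROTOCOL_TLSV1_2) {
         prot = TLS1_2_VERSION;
     } else if (protocol & SSL_PROTOCOL_TLSV1_1) {
@@ -261,6 +283,12 @@
 
     /* Next we scan for the minimal protocol version we should provide,
      * but we do not allow holes between max and min */
+#ifdef HAVE_TLSV1_3
+    if (prot == TLS1_3_VERSION && protocol & SSL_PROTOCOL_TLSV1_2) {
+        prot = TLS1_2_VERSION;
+    } else
+/* NOTE the dangling else above: take care to preserve it */
+#endif
     if (prot == TLS1_2_VERSION && protocol & SSL_PROTOCOL_TLSV1_1) {
         prot = TLS1_1_VERSION;
     }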
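Review bot: In the minimum-version scan (the hunk at old lines 261-266) the added `} else` turns the existing `prot == TLS1_2_VERSION` step into the else-branch of the new TLS 1.3 step, so once `prot` has been lowered from `TLS1_3_VERSION` to `TLS1_2_VERSION` the 1.2 to 1.1 check is skipped and the floor stays at TLS 1.2 even when the TLSv1.1 bit is set. The maximum-version chain needs the dangling else because it picks exactly one value, but this scan is a cascade where each step must see the previous result; close the new block with a plain `}` and drop the NOTE comment there. As written the effective minimum is stricter than configured rather than weaker, but it no longer matches the requested protocol set, so a test with TLSv1.3, TLSv1.2 and TLSv1.1 all enabled is worth adding. Separately, in the `OPENSSL_VERSION_NUMBER < 0x10100000L` branch the `TLSv1_3_client_method()`, `TLSv1_3_server_method()` and `TLSv1_3_method()` calls name functions that I am not aware of any OpenSSL release providing, so that `#ifdef HAVE_TLSV1_3` arm looks either dead or uncompilable, and raising the existing "not supported" error unconditionally would be simpler. The enclosing function starts and ends outside these hunks.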
