ASF Bugzilla – Attachment 36174 Details for
Bug 62748
Add support for TLS 1.3 (RFC 8446)
[patch]
Proposed patch to enable TLSv1.3 (tcnative/trunk)
62748.diff (text/plain), 2.74 KB, created by
Christopher Schultz
on 2018-09-28 22:01:18 UTC
>Index: native/include/ssl_private.h >=================================================================== >--- native/include/ssl_private.h (revision 1842283) >+++ native/include/ssl_private.h (working copy) >@@ -84,6 +84,7 @@ > #define SSL_PROTOCOL_TLSV1 (1<<2) > #define SSL_PROTOCOL_TLSV1_1 (1<<3) > #define SSL_PROTOCOL_TLSV1_2 (1<<4) >+#define SSL_PROTOCOL_TLSV1_3 (1<<5) > > #define SSL_MODE_CLIENT (0) > #define SSL_MODE_SERVER (1) >@@ -180,6 +181,10 @@ > #define HAVE_TLSV1_2 > #endif > >+#if defined(SSL_OP_NO_TLSv1_3) >+#define HAVE_TLSV1_3 >+#endif >+ > /* Check for SSL_CONF support */ > #if defined(SSL_CONF_FLAG_FILE) > #define HAVE_SSL_CONF_CMD >Index: native/src/sslcontext.c >=================================================================== >--- native/src/sslcontext.c (revision 1842283) >+++ native/src/sslcontext.c (working copy) >@@ -152,7 +152,19 @@ > } > > #if OPENSSL_VERSION_NUMBER < 0x10100000L >- if (protocol == SSL_PROTOCOL_TLSV1_2) { >+ if (protocol == SSL_PROTOCOL_TLSV1_3) { >+#ifdef HAVE_TLSV1_3 >+ if (mode == SSL_MODE_CLIENT) >+ ctx = SSL_CTX_new(TLSv1_3_client_method()); >+ else if (mode == SSL_MODE_SERVER) >+ ctx = SSL_CTX_new(TLSv1_3_server_method()); >+ else >+ ctx = SSL_CTX_new(TLSv1_3_method()); >+#else >+ tcn_Throw(e, "TLSv1.3 requested but not supported by this version of OpenSSL"); >+ goto init_failed; >+#endif >+ } else if (protocol == SSL_PROTOCOL_TLSV1_2) { > #ifdef HAVE_TLSV1_2 > if (mode == SSL_MODE_CLIENT) > ctx = SSL_CTX_new(TLSv1_2_client_method()); 
>@@ -241,9 +253,19 @@ > if (!(protocol & SSL_PROTOCOL_TLSV1_2)) > SSL_CTX_set_options(c->ctx, SSL_OP_NO_TLSv1_2); > #endif >+#ifdef HAVE_TLSV1_3 >+ if (!(protocol & SSL_PROTOCOL_TLSV1_3)) >+ SSL_CTX_set_options(c->ctx, SSL_OP_NO_TLSv1_3); >+#endif > > #else /* if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) */ > /* We first determine the maximum protocol version we should provide */ >+#ifdef HAVE_TLSV1_3 >+ if (protocol & SSL_PROTOCOL_TLSV1_3) { >+ prot = TLS1_3_VERSION; >+ } else >+/* NOTE the dangling else above: take care to preserve it */ >+#endif > if (protocol & SSL_PROTOCOL_TLSV1_2) { > prot = TLS1_2_VERSION; > } else if (protocol & SSL_PROTOCOL_TLSV1_1) { >@@ -261,6 +283,12 @@ > > /* Next we scan for the minimal protocol version we should provide, > * but we do not allow holes between max and min */ >+#ifdef HAVE_TLSV1_3 >+ if (prot == TLS1_3_VERSION && protocol & SSL_PROTOCOL_TLSV1_2) { >+ prot = TLS1_2_VERSION; >+ } else >+/* NOTE the dangling else above: take care to preserve it */ >+#endif > if (prot == TLS1_2_VERSION && protocol & SSL_PROTOCOL_TLSV1_1) { > prot = TLS1_1_VERSION; > }
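Review bot: In the native/src/sslcontext.c hunk at @@ -152,7 +152,19 @@, the HAVE_TLSV1_3 branch calls TLSv1_3_client_method(), TLSv1_3_server_method() and TLSv1_3_method(), which OpenSSL does not provide; TLS 1.3 is only reachable through the version-flexible method with a minimum and maximum protocol version. The calls sit under `#if OPENSSL_VERSION_NUMBER < 0x10100000L`, so a build in that range that happens to define SSL_OP_NO_TLSv1_3 would fail to compile instead of reporting the error. Suggest removing the `#ifdef HAVE_TLSV1_3` arm here and always taking the `tcn_Throw(e, "TLSv1.3 requested but not supported by this version of OpenSSL");` path in this branch.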
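Review bot: In the hunk at @@ -241,9 +253,19 @@, the `} else` left dangling across `#endif` in the maximum-version selection is fragile. Any statement later inserted between the `#endif` and `if (protocol & SSL_PROTOCOL_TLSV1_2) {` becomes the else body when HAVE_TLSV1_3 is defined, so the selected maximum changes only on TLS 1.3 capable builds and the other builds hide the mistake. The comment helps, but a structure that does not rely on it is safer, for example closing the TLS 1.3 test as its own `if` and entering the existing chain only when prot has not been set yet (this assumes prot has a known initial value, which the hunk does not show).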
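Review bot: In the minimum-version scan at @@ -261,6 +283,12 @@, the added `} else` ties the new TLS 1.3 test to the following `if (prot == TLS1_2_VERSION && protocol & SSL_PROTOCOL_TLSV1_1)`, so once prot is lowered from TLS1_3_VERSION to TLS1_2_VERSION the step from 1.2 to 1.1 is skipped. With TLSv1.3, TLSv1.2 and TLSv1.1 all enabled, the minimum stops at TLS 1.2 rather than reaching TLS 1.1, which does not match the requested protocol set. Drop the `else` so the new test is an independent `if` like the one after it; that also removes the need for the dangling-else comment in this hunk.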