[patch] Proposed patch to enable TLSv1.3 (tcnative/trunk)

62748.diff (text/plain), 2.74 KB, created by Christopher Schultz on 2018-09-28 22:01:18 UTC

(hide)

Description: Proposed patch to enable TLSv1.3 (tcnative/trunk)

Filename:

MIME Type:

Creator: Christopher Schultz

Created: 2018-09-28 22:01:18 UTC

Size: 2.74 KB

patch

obsolete

>Index: native/include/ssl_private.h >=================================================================== >--- native/include/ssl_private.h (revision 1842283) >+++ native/include/ssl_private.h (working copy) >@@ -84,6 +84,7 @@ > #define SSL_PROTOCOL_TLSV1 (1<<2) > #define SSL_PROTOCOL_TLSV1_1 (1<<3) > #define SSL_PROTOCOL_TLSV1_2 (1<<4) >+#define SSL_PROTOCOL_TLSV1_3 (1<<5) > > #define SSL_MODE_CLIENT (0) > #define SSL_MODE_SERVER (1) >@@ -180,6 +181,10 @@ > #define HAVE_TLSV1_2 > #endif > >+#if defined(SSL_OP_NO_TLSv1_3) >+#define HAVE_TLSV1_3 >+#endif >+ > /* Check for SSL_CONF support */ > #if defined(SSL_CONF_FLAG_FILE) > #define HAVE_SSL_CONF_CMD >Index: native/src/sslcontext.c >=================================================================== >--- native/src/sslcontext.c (revision 1842283) >+++ native/src/sslcontext.c (working copy) >@@ -152,7 +152,19 @@ > } > > #if OPENSSL_VERSION_NUMBER < 0x10100000L >- if (protocol == SSL_PROTOCOL_TLSV1_2) { >+ if (protocol == SSL_PROTOCOL_TLSV1_3) { >+#ifdef HAVE_TLSV1_3 >+ if (mode == SSL_MODE_CLIENT) >+ ctx = SSL_CTX_new(TLSv1_3_client_method()); >+ else if (mode == SSL_MODE_SERVER) >+ ctx = SSL_CTX_new(TLSv1_3_server_method()); >+ else >+ ctx = SSL_CTX_new(TLSv1_3_method()); >+#else >+ tcn_Throw(e, "TLSv1.3 requested but not supported by this version of OpenSSL"); >+ goto init_failed; >+#endif >+ } else if (protocol == SSL_PROTOCOL_TLSV1_2) { > #ifdef HAVE_TLSV1_2 > if (mode == SSL_MODE_CLIENT) > ctx = SSL_CTX_new(TLSv1_2_client_method()); >@@ -241,9 +253,19 @@ > if (!(protocol & SSL_PROTOCOL_TLSV1_2)) > SSL_CTX_set_options(c->ctx, SSL_OP_NO_TLSv1_2); > #endif >+#ifdef HAVE_TLSV1_3 >+ if (!(protocol & SSL_PROTOCOL_TLSV1_3)) >+ SSL_CTX_set_options(c->ctx, SSL_OP_NO_TLSv1_3); >+#endif > > #else /* if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) */ > /* We first determine the maximum protocol version we should provide */ >+#ifdef HAVE_TLSV1_3 >+ if (protocol & SSL_PROTOCOL_TLSV1_3) { >+ prot = TLS1_3_VERSION; >+ } else >+/* NOTE the dangling else above: take care to preserve it */ >+#endif > if (protocol & SSL_PROTOCOL_TLSV1_2) { > prot = TLS1_2_VERSION; > } else if (protocol & SSL_PROTOCOL_TLSV1_1) { >@@ -261,6 +283,12 @@ > > /* Next we scan for the minimal protocol version we should provide, > * but we do not allow holes between max and min */ >+#ifdef HAVE_TLSV1_3 >+ if (prot == TLS1_3_VERSION && protocol & SSL_PROTOCOL_TLSV1_2) { >+ prot = TLS1_2_VERSION; >+ } else >+/* NOTE the dangling else above: take care to preserve it */ >+#endif > if (prot == TLS1_2_VERSION && protocol & SSL_PROTOCOL_TLSV1_1) { > prot = TLS1_1_VERSION; > } View Attachment As Diff View Attachment As Raw

This is ASF Bugzilla: the Apache Software Foundation bug system. In case of problems with the functioning of ASF Bugzilla, please contact bugzilla-admin@apache.org. Please Note: this e-mail address is only for reporting problems with ASF Bugzilla. Mail about any other subject will be silently ignored.

• • Home
  • | New
  • | Browse
  • | Search
  • |
    [?]
  • | Reports
  • | Help
  • | New Account
  • | Log In
    Remember [x]
  • | Forgot Password
    Login: [x]