Removing deprecated methods to select the protocol

Using TLS_method(), SSL_set_min_proto_version() and
SSL_set_max_proto_version().
This commit is contained in:
Bruno Silvestre 2018-07-02 10:31:45 -03:00
parent 89bdc6148c
commit 28e247dbc5


@ -59,11 +59,46 @@ static int set_option_flag(const char *opt, unsigned long *flag)
return 0;
}
#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
/**
* Find the protocol.
*/
static const SSL_METHOD* str2method(const char *method)
static const SSL_METHOD* str2method(const char *method, int *vmin, int *vmax)
{
if (!strcmp(method, "any") || !strcmp(method, "sslv23")) {
*vmin = TLS1_VERSION;
*vmax = TLS1_2_VERSION;
return TLS_method();
}
else if (!strcmp(method, "tlsv1")) {
*vmin = TLS1_VERSION;
*vmax = TLS1_VERSION;
return TLS_method();
}
else if (!strcmp(method, "tlsv1_1")) {
*vmin = TLS1_1_VERSION;
*vmax = TLS1_1_VERSION;
return TLS_method();
}
else if (!strcmp(method, "tlsv1_2")) {
*vmin = TLS1_2_VERSION;
*vmax = TLS1_2_VERSION;
return TLS_method();
}
return NULL;
}
#else
/**
* Find the protocol.
*/
static const SSL_METHOD* str2method(const char *method, int *vmin, int *vmax)
{
(void)vmin;
(void)vmax;
if (!strcmp(method, "any")) return SSLv23_method();
if (!strcmp(method, "sslv23")) return SSLv23_method(); // deprecated
if (!strcmp(method, "tlsv1")) return TLSv1_method();
@ -74,6 +109,8 @@ static const SSL_METHOD* str2method(const char *method)
return NULL;
}
#endif
/**
* Prepare the SSL handshake verify flag.
*/
@ -279,9 +316,10 @@ static int create(lua_State *L)
p_context ctx;
const char *str_method;
const SSL_METHOD *method;
int vmin, vmax;
str_method = luaL_checkstring(L, 1);
method = str2method(str_method);
method = str2method(str_method, &vmin, &vmax);
if (!method) {
lua_pushnil(L);
lua_pushfstring(L, "invalid protocol (%s)", str_method);
@ -301,6 +339,10 @@ static int create(lua_State *L)
ERR_reason_error_string(ERR_get_error()));
return 2;
}
#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
SSL_CTX_set_min_proto_version(ctx->context, vmin);
SSL_CTX_set_max_proto_version(ctx->context, vmax);
#endif
ctx->mode = LSEC_MODE_INVALID;
ctx->L = L;
luaL_getmetatable(L, "SSL:Context");
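Review bot: The results of `SSL_CTX_set_min_proto_version(ctx->context, vmin)` and `SSL_CTX_set_max_proto_version(ctx->context, vmax)` in the last hunk of create() are discarded, so a version the linked library cannot apply (for example one compiled out of that OpenSSL build) leaves the context at OpenSSL's default bounds and the caller gets a successful return for a protocol it never got; with "tlsv1_2" requested and the minimum failing to apply, older versions would still be negotiable. Both functions return 1 on success and 0 on failure, so the result should be checked and reported through the same nil-plus-message path the preceding error return uses; rewritten lines below. Whether ctx->context has to be released on that path depends on the cleanup the earlier error return performs, which is not visible here, and create() continues past the end of this hunk. Separately, in the first hunk "any" and "sslv23" pin `*vmax = TLS1_2_VERSION`, so any newer protocol version the library supports will never be negotiated under "any"; passing 0 to SSL_CTX_set_max_proto_version selects the highest version the library supports, which may match the intent of "any" better than a fixed ceiling.
```c
#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
  if (!SSL_CTX_set_min_proto_version(ctx->context, vmin) ||
      !SSL_CTX_set_max_proto_version(ctx->context, vmax)) {
    /* release ctx->context here if the preceding error path does so */
    lua_pushnil(L);
    lua_pushfstring(L, "unsupported protocol version (%s)", str_method);
    return 2;
  }
#endif
  /* … unchanged: ctx->mode / ctx->L initialisation and metatable setup … */
```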