dany/luasec
1
0
Fork 0
mirror of https://github.com/brunoos/luasec.git synced 2024-12-27 12:58:21 +01:00
Code Issues Packages Projects Releases Wiki Activity

Removing deprecated methods to select the protocol

Browse Source 
Using TLS_method(), SSL_set_min_proto_version() and
SSL_set_max_proto_version().
This commit is contained in:
Bruno Silvestre 2018-07-02 10:31:45 -03:00
parent 89bdc6148c
commit 28e247dbc5
1 changed files with 44 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
src/context.c
View File

@ -59,11 +59,46 @@ static int set_option_flag(const char *opt, unsigned long *flag)
return 0; return 0;
} }
#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
/** /**
* Find the protocol. * Find the protocol.
*/ */
static const SSL_METHOD* str2method(const char *method) static const SSL_METHOD* str2method(const char *method, int *vmin, int *vmax)
{ {
if (!strcmp(method, "any") || !strcmp(method, "sslv23")) {
*vmin = TLS1_VERSION;
*vmax = TLS1_2_VERSION;
return TLS_method();
}
else if (!strcmp(method, "tlsv1")) {
*vmin = TLS1_VERSION;
*vmax = TLS1_VERSION;
return TLS_method();
}
else if (!strcmp(method, "tlsv1_1")) {
*vmin = TLS1_1_VERSION;
*vmax = TLS1_1_VERSION;
return TLS_method();
}
else if (!strcmp(method, "tlsv1_2")) {
*vmin = TLS1_2_VERSION;
*vmax = TLS1_2_VERSION;
return TLS_method();
}
return NULL;
}
#else
/**
* Find the protocol.
*/
static const SSL_METHOD* str2method(const char *method, int *vmin, int *vmax)
{
(void)vmin;
(void)vmax;
if (!strcmp(method, "any")) return SSLv23_method(); if (!strcmp(method, "any")) return SSLv23_method();
if (!strcmp(method, "sslv23")) return SSLv23_method(); // deprecated if (!strcmp(method, "sslv23")) return SSLv23_method(); // deprecated
if (!strcmp(method, "tlsv1")) return TLSv1_method(); if (!strcmp(method, "tlsv1")) return TLSv1_method();
@ -74,6 +109,8 @@ static const SSL_METHOD* str2method(const char *method)
return NULL; return NULL;
} }
#endif
/** /**
* Prepare the SSL handshake verify flag. * Prepare the SSL handshake verify flag.
*/ */
@ -279,9 +316,10 @@ static int create(lua_State *L)
p_context ctx; p_context ctx;
const char *str_method; const char *str_method;
const SSL_METHOD *method; const SSL_METHOD *method;
int vmin, vmax;
str_method = luaL_checkstring(L, 1); str_method = luaL_checkstring(L, 1);
method = str2method(str_method); method = str2method(str_method, &vmin, &vmax);
if (!method) { if (!method) {
lua_pushnil(L); lua_pushnil(L);
lua_pushfstring(L, "invalid protocol (%s)", str_method); lua_pushfstring(L, "invalid protocol (%s)", str_method);
@ -301,6 +339,10 @@ static int create(lua_State *L)
ERR_reason_error_string(ERR_get_error())); ERR_reason_error_string(ERR_get_error()));
return 2; return 2;
} }
#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
SSL_CTX_set_min_proto_version(ctx->context, vmin);
SSL_CTX_set_max_proto_version(ctx->context, vmax);
#endif
ctx->mode = LSEC_MODE_INVALID; ctx->mode = LSEC_MODE_INVALID;
ctx->L = L; ctx->L = L;
luaL_getmetatable(L, "SSL:Context"); luaL_getmetatable(L, "SSL:Context");