add SetMinVersion at context level

toddouska
2015-03-13 12:20:39 -07:00
parent 84edbd1ff2
commit 4c2bf4ea34
4 changed files with 53 additions and 30 deletions


@ -359,6 +359,7 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method)
ctx->refCount = 1; /* so either CTX_free or SSL_free can release */
ctx->heap = ctx; /* defaults to self */
ctx->timeout = WOLFSSL_SESSION_TIMEOUT;
ctx->minDowngrade = TLSv1_MINOR; /* current default */
if (InitMutex(&ctx->countMutex) < 0) {
WOLFSSL_MSG("Mutex error on CTX init");
@ -1488,7 +1489,7 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
ssl->verifyCallback = ctx->verifyCallback;
ssl->options.side = ctx->method->side;
ssl->options.downgrade = ctx->method->downgrade;
ssl->options.minDowngrade = TLSv1_MINOR; /* current default */
ssl->options.minDowngrade = ctx->minDowngrade;
if (ssl->options.side == WOLFSSL_SERVER_END)
ssl->options.haveDH = ctx->haveDH;
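Review bot: InitSSL copies ctx->minDowngrade into ssl->options.minDowngrade once, at session creation, so a wolfSSL_CTX_SetMinVersion call made after a WOLFSSL object exists does not reach that object; the assignment in the second hunk should say so, e.g. `ssl->options.minDowngrade = ctx->minDowngrade; /* snapshot: later CTX changes do not apply to this ssl */`. The default set in InitSSL_Ctx is a raw TLSv1_MINOR minor-version value rather than a WOLFSSL_* API constant, and a comment naming that distinction would help the next reader. Both InitSSL_Ctx and InitSSL start and end outside the hunks shown.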


@ -1568,6 +1568,54 @@ int wolfSSL_set_group_messages(WOLFSSL* ssl)
}
/* make minVersion the internal equivilant SSL version */
static int SetMinVersionHelper(byte* minVersion, int version)
{
switch (version) {
#ifndef NO_OLD_TLS
case WOLFSSL_SSLV3:
*minVersion = SSLv3_MINOR;
break;
#endif
#ifndef NO_TLS
#ifndef NO_OLD_TLS
case WOLFSSL_TLSV1:
*minVersion = TLSv1_MINOR;
break;
case WOLFSSL_TLSV1_1:
*minVersion = TLSv1_1_MINOR;
break;
#endif
case WOLFSSL_TLSV1_2:
*minVersion = TLSv1_2_MINOR;
break;
#endif
default:
WOLFSSL_MSG("Bad function argument");
return BAD_FUNC_ARG;
}
return SSL_SUCCESS;
}
/* Set minimum downgrade version allowed, SSL_SUCCESS on ok */
int wolfSSL_CTX_SetMinVersion(WOLFSSL_CTX* ctx, int version)
{
WOLFSSL_ENTER("wolfSSL_CTX_SetMinVersion");
if (ctx == NULL) {
WOLFSSL_MSG("Bad function argument");
return BAD_FUNC_ARG;
}
return SetMinVersionHelper(&ctx->minDowngrade, version);
}
/* Set minimum downgrade version allowed, SSL_SUCCESS on ok */
int wolfSSL_SetMinVersion(WOLFSSL* ssl, int version)
{
@ -1578,35 +1626,7 @@ int wolfSSL_SetMinVersion(WOLFSSL* ssl, int version)
return BAD_FUNC_ARG;
}
switch (version) {
#ifndef NO_OLD_TLS
case WOLFSSL_SSLV3:
ssl->options.minDowngrade = SSLv3_MINOR;
break;
#endif
#ifndef NO_TLS
#ifndef NO_OLD_TLS
case WOLFSSL_TLSV1:
ssl->options.minDowngrade = TLSv1_MINOR;
break;
case WOLFSSL_TLSV1_1:
ssl->options.minDowngrade = TLSv1_1_MINOR;
break;
#endif
case WOLFSSL_TLSV1_2:
ssl->options.minDowngrade = TLSv1_2_MINOR;
break;
#endif
default:
WOLFSSL_MSG("Bad function argument");
return BAD_FUNC_ARG;
}
return SSL_SUCCESS;
return SetMinVersionHelper(&ssl->options.minDowngrade, version);
}
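Review bot: Neither SetMinVersionHelper nor wolfSSL_CTX_SetMinVersion checks the requested minimum against the version the ctx's method negotiates (ctx->method is already consulted in InitSSL), so a minimum above the method's own version presumably leaves every handshake failing; I cannot see from here how minDowngrade is consumed, so if that is intended the helper's comment should state that the caller is responsible, otherwise compare against the method version before storing. The helper also leaves *minVersion untouched on BAD_FUNC_ARG, which its comment should say, and "equivilant" should read "equivalent": `/* translate a WOLFSSL_* version constant into the internal *_MINOR value; *minVersion is unchanged on error */`. wolfSSL_SetMinVersion's body begins in the first hunk and its middle lies outside the second.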


@ -1441,6 +1441,7 @@ struct WOLFSSL_CTX {
byte partialWrite; /* only one msg per write call */
byte quietShutdown; /* don't send close notify */
byte groupMessages; /* group handshake messages before sending */
byte minDowngrade; /* minimum downgrade version */
CallbackIORecv CBIORecv;
CallbackIOSend CBIOSend;
#ifdef WOLFSSL_DTLS
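Review bot: The comment on the new field, `/* minimum downgrade version */`, does not say which encoding the byte holds; from SetMinVersionHelper it is the internal *_MINOR minor-version value, not the WOLFSSL_SSLV3/WOLFSSL_TLSV1_* API constant, and mixing the two up would change the floor without any error. Suggest `byte minDowngrade; /* minimum downgrade version (internal *_MINOR value, see SetMinVersionHelper) */`. The WOLFSSL_CTX struct definition continues outside the hunk.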


@ -1038,6 +1038,7 @@ enum {
WOLFSSL_CHAIN_CA = 2 /* added to cache from trusted chain */
};
WOLFSSL_API int wolfSSL_CTX_SetMinVersion(WOLFSSL_CTX* ctx, int version);
WOLFSSL_API int wolfSSL_SetMinVersion(WOLFSSL* ssl, int version);
WOLFSSL_API int wolfSSL_GetObjectSize(void); /* object size based on build */
WOLFSSL_API int wolfSSL_SetVersion(WOLFSSL* ssl, int version);
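Review bot: The two new public declarations carry no comment while the neighbouring wolfSSL_GetObjectSize does, and callers need the accepted values and the return convention. Suggest above them: `/* Set minimum protocol version allowed on downgrade: WOLFSSL_SSLV3, WOLFSSL_TLSV1, WOLFSSL_TLSV1_1 or WOLFSSL_TLSV1_2 (subject to NO_OLD_TLS/NO_TLS); returns SSL_SUCCESS or BAD_FUNC_ARG */`. For the CTX variant the comment should add that it only affects WOLFSSL objects created after the call.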