From fbc5c8d6dc5d90f59618af2f079eb802fc7a082d Mon Sep 17 00:00:00 2001
From: toddouska
Date: Thu, 31 May 2012 15:24:25 -0700
Subject: [PATCH] add SSL set version, different from ctx version

---
 cyassl/internal.h |  3 ---
 cyassl/ssl.h      |  5 +++++
 src/internal.c    | 11 ++++------
 src/ssl.c         | 55 ++++++++++++++++++++++++++++++++++++++++++-----
 4 files changed, 59 insertions(+), 15 deletions(-)

diff --git a/cyassl/internal.h b/cyassl/internal.h
index 99baa3c0d..02046eb18 100644
--- a/cyassl/internal.h
+++ b/cyassl/internal.h
@@ -475,9 +475,6 @@ struct CYASSL_BIO {
 struct CYASSL_METHOD {
     ProtocolVersion version;
     byte side;  /* connection side, server or client */
-    byte verifyPeer;  /* request or send certificate */
-    byte verifyNone;  /* whether to verify certificate */
-    byte failNoCert;  /* fail if no certificate */
     byte downgrade;  /* whether to downgrade version, default no */
 };
diff --git a/cyassl/ssl.h b/cyassl/ssl.h
index 9d37b869a..95d222bf2 100644
--- a/cyassl/ssl.h
+++ b/cyassl/ssl.h
@@ -769,10 +769,15 @@ CYASSL_API void CyaSSL_SetIOWriteCtx(CYASSL* ssl, void *ctx);
 /* CA cache callbacks */
 enum {
+    CYASSL_SSLV3 = 0,
+    CYASSL_TLSV1 = 1,
+    CYASSL_TLSV1_1 = 2,
+    CYASSL_TLSV1_2 = 3,
     CYASSL_USER_CA = 1,  /* user added as trusted */
     CYASSL_CHAIN_CA = 2  /* added to cache from trusted chain */
 };
+CYASSL_API int CyaSSL_SetVersion(CYASSL* ssl, int version);
 CYASSL_API int CyaSSL_KeyPemToDer(const unsigned char*, int sz, unsigned char*, int, const char*);
diff --git a/src/internal.c b/src/internal.c
index 446c069ab..4e807f1bd 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -315,9 +315,6 @@ void InitSSL_Method(CYASSL_METHOD* method, ProtocolVersion pv)
 {
     method->version = pv;
     method->side = CLIENT_END;
-    method->verifyPeer = 0;
-    method->verifyNone = 0;
-    method->failNoCert = 0;
     method->downgrade = 0;
 }
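Review bot: The four new protocol selectors in cyassl/ssl.h are added to the enum introduced by the `/* CA cache callbacks */` comment, where CYASSL_TLSV1 and CYASSL_TLSV1_1 share the values 1 and 2 with CYASSL_USER_CA and CYASSL_CHAIN_CA, so a constant from the wrong group passed to CyaSSL_SetVersion is accepted silently instead of failing its argument check. Giving the version selectors their own enum, introduced by a comment such as `/* protocol versions accepted by CyaSSL_SetVersion */`, keeps the two groups visually and semantically separate. The new prototype also has no usage comment; something like `/* set this SSL object's protocol version, overriding the CTX method version; returns SSL_SUCCESS or BAD_FUNC_ARG */` would document the contract for header readers. Note too that CYASSL_SSLV3 is the zero value, so an uninitialised or defaulted argument of 0 selects the oldest protocol rather than being rejected.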
@@ -913,11 +910,11 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx)
     if (ssl->options.side == SERVER_END)
         InitSuites(&ssl->suites, ssl->version,ssl->options.haveDH, havePSK,
                    ssl->options.haveNTRU, ssl->options.haveECDSA,
-                   ssl->options.haveStaticECC, ssl->ctx->method->side);
+                   ssl->options.haveStaticECC, ssl->options.side);
     else
         InitSuites(&ssl->suites, ssl->version, TRUE, havePSK,
                    ssl->options.haveNTRU, ssl->options.haveECDSA,
-                   ssl->options.haveStaticECC, ssl->ctx->method->side);
+                   ssl->options.haveStaticECC, ssl->options.side);
 #ifdef SESSION_CERTS
@@ -5850,7 +5847,7 @@ int SetCipherList(Suites* s, const char* list)
             InitSuites(&ssl->suites, ssl->version, ssl->options.haveDH, havePSK,
                        ssl->options.haveNTRU, ssl->options.haveECDSA,
-                       ssl->options.haveStaticECC, ssl->ctx->method->side);
+                       ssl->options.haveStaticECC, ssl->options.side);
         }
         /* suite size */
@@ -5981,7 +5978,7 @@ int SetCipherList(Suites* s, const char* list)
     #endif
             InitSuites(&ssl->suites, ssl->version, ssl->options.haveDH, havePSK,
                        ssl->options.haveNTRU, ssl->options.haveECDSA,
-                       ssl->options.haveStaticECC, ssl->ctx->method->side);
+                       ssl->options.haveStaticECC, ssl->options.side);
         }
         /* random */
         XMEMCPY(ssl->arrays.clientRandom, input + i, RAN_LEN);
diff --git a/src/ssl.c b/src/ssl.c
index 9bc526ab1..2a5cfefb9 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -228,7 +228,7 @@ int CyaSSL_SetTmpDH(CYASSL* ssl, const unsigned char* p, int pSz,
     #endif
     InitSuites(&ssl->suites, ssl->version, ssl->options.haveDH, havePSK,
                ssl->options.haveNTRU, ssl->options.haveECDSA,
-               ssl->options.haveStaticECC, ssl->ctx->method->side);
+               ssl->options.haveStaticECC, ssl->options.side);
     CYASSL_LEAVE("CyaSSL_SetTmpDH", 0);
     return 0;
@@ -473,6 +473,51 @@ int CyaSSL_set_group_messages(CYASSL* ssl)
 }
+int CyaSSL_SetVersion(CYASSL* ssl, int version)
+{
+    byte havePSK = 0;
+
+    CYASSL_ENTER("CyaSSL_SetVersion");
+
+    if (ssl == NULL) {
+        CYASSL_MSG("Bad function argument");
+        return BAD_FUNC_ARG;
+    }
+
+    switch (version) {
+        case CYASSL_SSLV3:
+            ssl->version = MakeSSLv3();
+            break;
+
+        case CYASSL_TLSV1:
+            ssl->version = MakeTLSv1();
+            break;
+
+        case CYASSL_TLSV1_1:
+            ssl->version = MakeTLSv1_1();
+            break;
+
+        case CYASSL_TLSV1_2:
+            ssl->version = MakeTLSv1_2();
+            break;
+
+        default:
+            CYASSL_MSG("Bad function argument");
+            return BAD_FUNC_ARG;
+    }
+
+    #ifndef NO_PSK
+        havePSK = ssl->options.havePSK;
+    #endif
+
+    InitSuites(&ssl->suites, ssl->version, ssl->options.haveDH, havePSK,
+               ssl->options.haveNTRU, ssl->options.haveECDSA,
+               ssl->options.haveStaticECC, ssl->options.side);
+
+    return SSL_SUCCESS;
+}
+
+
 /* does CA already exist on signer list */
 int AlreadySigner(CYASSL_CERT_MANAGER* cm, byte* hash)
 {
@@ -2064,7 +2109,7 @@ int CyaSSL_set_cipher_list(CYASSL* ssl, const char* list)
     InitSuites(&ssl->suites, ssl->version, ssl->options.haveDH, havePSK,
                ssl->options.haveNTRU, ssl->options.haveECDSA,
-               ssl->options.haveStaticECC, ssl->ctx->method->side);
+               ssl->options.haveStaticECC, ssl->options.side);
     return SSL_SUCCESS;
 }
@@ -3088,7 +3133,7 @@ int CyaSSL_set_compression(CYASSL* ssl)
         InitSuites(&ssl->suites, ssl->version,TRUE,TRUE, ssl->options.haveNTRU, ssl->options.haveECDSA, ssl->options.haveStaticECC,
-                   ssl->ctx->method->side);
+                   ssl->options.side);
     }
@@ -3109,7 +3154,7 @@ int CyaSSL_set_compression(CYASSL* ssl)
         InitSuites(&ssl->suites, ssl->version, ssl->options.haveDH, TRUE,
                    ssl->options.haveNTRU, ssl->options.haveECDSA,
-                   ssl->options.haveStaticECC, ssl->ctx->method->side);
+                   ssl->options.haveStaticECC, ssl->options.side);
     }
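Review bot: CyaSSL_SetVersion rebuilds the suite list with `ssl->options.haveDH` for both connection sides, whereas InitSSL in src/internal.c (hunk @@ -913) passes `TRUE` for the DH flag on the client side and uses `ssl->options.haveDH` only for the server; if haveDH is raised only by server-side DH parameter setup (CyaSSL_SetTmpDH in hunk @@ -228 looks like that path), a client that calls this function would silently lose the DHE suites it offered before the call. Mirroring InitSSL's side check keeps the offered suites consistent across the two entry points. The function also assigns `ssl->version` without checking whether the handshake has already started; if the object records handshake progress, rejecting the call once a hello has been sent would stop the negotiated version and `ssl->version` from diverging. A header comment is missing as well — it should state that version must be one of CYASSL_SSLV3..CYASSL_TLSV1_2, that the call replaces the CTX method's version for this object only and rebuilds its cipher suites, and that it returns SSL_SUCCESS or BAD_FUNC_ARG.
```c
    /* … unchanged: argument check, version switch, havePSK setup … */

    /* mirror InitSSL, which passes TRUE for the DH flag on the client side */
    if (ssl->options.side == SERVER_END)
        InitSuites(&ssl->suites, ssl->version, ssl->options.haveDH, havePSK,
                   ssl->options.haveNTRU, ssl->options.haveECDSA,
                   ssl->options.haveStaticECC, ssl->options.side);
    else
        InitSuites(&ssl->suites, ssl->version, TRUE, havePSK,
                   ssl->options.haveNTRU, ssl->options.haveECDSA,
                   ssl->options.haveStaticECC, ssl->options.side);

    return SSL_SUCCESS;
```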
@@ -3343,7 +3388,7 @@ int CyaSSL_set_compression(CYASSL* ssl)
     #endif
     InitSuites(&ssl->suites, ssl->version, ssl->options.haveDH, havePSK,
                ssl->options.haveNTRU, ssl->options.haveECDSA,
-               ssl->options.haveStaticECC, ssl->ctx->method->side);
+               ssl->options.haveStaticECC, ssl->options.side);
 }