Merge pull request #60 from muzaffar1331/fix-tls13
Fix build errors in OpenSSL 1.1.0 and several other improvements . Done for IETF 102 hackathon.
This commit is contained in:
commit
069c56578a
@ -678,11 +678,15 @@ main(int argc, char **argv)
|
|||||||
else if (strcasecmp (optarg, "SSLv3") == 0)
|
else if (strcasecmp (optarg, "SSLv3") == 0)
|
||||||
param.ssl_protocol = 3;
|
param.ssl_protocol = 3;
|
||||||
#endif
|
#endif
|
||||||
else if (strcasecmp (optarg, "TLSv1") == 0)
|
else if (strcasecmp (optarg, "TLSv1.0") == 0 || strcasecmp (optarg, "TLSv1_0") == 0 || strcasecmp (optarg, "TLSv1") == 0)
|
||||||
param.ssl_protocol = 4;
|
param.ssl_protocol = 4;
|
||||||
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
|
else if (strcasecmp (optarg, "TLSv1.1") == 0 || strcasecmp (optarg, "TLSv1_1") == 0)
|
||||||
else if (strcasecmp (optarg, "TLSv1_3") == 0)
|
|
||||||
param.ssl_protocol = 5;
|
param.ssl_protocol = 5;
|
||||||
|
else if (strcasecmp (optarg, "TLSv1.2") == 0 || strcasecmp (optarg, "TLSv1_2") == 0)
|
||||||
|
param.ssl_protocol = 6;
|
||||||
|
#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
|
||||||
|
else if (strcasecmp (optarg, "TLSv1.3") == 0 || strcasecmp (optarg, "TLSv1_3") == 0)
|
||||||
|
param.ssl_protocol = 7;
|
||||||
#endif
|
#endif
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
@ -1007,12 +1011,9 @@ main(int argc, char **argv)
|
|||||||
|
|
||||||
SSL_library_init ();
|
SSL_library_init ();
|
||||||
SSL_load_error_strings ();
|
SSL_load_error_strings ();
|
||||||
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
|
#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
|
||||||
OpenSSL_add_all_algorithms ();
|
|
||||||
#else
|
|
||||||
SSLeay_add_all_algorithms ();
|
SSLeay_add_all_algorithms ();
|
||||||
#endif
|
#endif
|
||||||
SSLeay_add_ssl_algorithms ();
|
|
||||||
|
|
||||||
switch (param.ssl_protocol)
|
switch (param.ssl_protocol)
|
||||||
{
|
{
|
||||||
@ -1029,8 +1030,11 @@ main(int argc, char **argv)
|
|||||||
case 2:
|
case 2:
|
||||||
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
|
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
|
||||||
ssl_ctx = SSL_CTX_new (TLS_client_method ());
|
ssl_ctx = SSL_CTX_new (TLS_client_method ());
|
||||||
SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2 | SSL_OP_NO_TLSv1_3);
|
#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
|
||||||
break;
|
SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2 | SSL_OP_NO_TLSv1_3); break;
|
||||||
|
#else
|
||||||
|
SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2); break;
|
||||||
|
#endif
|
||||||
#else
|
#else
|
||||||
ssl_ctx = SSL_CTX_new (SSLv2_client_method ()); break;
|
ssl_ctx = SSL_CTX_new (SSLv2_client_method ()); break;
|
||||||
#endif
|
#endif
|
||||||
@ -1041,26 +1045,57 @@ break;
|
|||||||
case 3:
|
case 3:
|
||||||
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
|
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
|
||||||
ssl_ctx = SSL_CTX_new (TLS_client_method ());
|
ssl_ctx = SSL_CTX_new (TLS_client_method ());
|
||||||
SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2 | SSL_OP_NO_TLSv1_3);
|
SSL_CTX_set_min_proto_version(ssl_ctx, SSL3_VERSION);
|
||||||
|
SSL_CTX_set_max_proto_version(ssl_ctx, SSL3_VERSION);
|
||||||
break;
|
break;
|
||||||
#else
|
#else
|
||||||
ssl_ctx = SSL_CTX_new (SSLv3_client_method ()); break;
|
ssl_ctx = SSL_CTX_new (SSLv3_client_method ()); break;
|
||||||
#endif
|
#endif
|
||||||
#endif
|
#endif
|
||||||
/* 4/TLSv1 */
|
/* 4/TLSv1.0 */
|
||||||
case 4:
|
case 4:
|
||||||
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
|
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
|
||||||
ssl_ctx = SSL_CTX_new (TLS_client_method ());
|
ssl_ctx = SSL_CTX_new (TLS_client_method ());
|
||||||
SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3); break;
|
SSL_CTX_set_min_proto_version(ssl_ctx, TLS1_VERSION);
|
||||||
|
SSL_CTX_set_max_proto_version(ssl_ctx, TLS1_VERSION);
|
||||||
|
break;
|
||||||
#else
|
#else
|
||||||
ssl_ctx = SSL_CTX_new (TLSv1_client_method ()); break;
|
ssl_ctx = SSL_CTX_new (TLSv1_client_method ()); break;
|
||||||
|
SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2); break;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
/* 5/TLSv1.1 */
|
||||||
|
case 5:
|
||||||
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
|
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
|
||||||
/* 5/TLSv1_3 */
|
ssl_ctx = SSL_CTX_new (TLS_client_method ());
|
||||||
case 5: ssl_ctx = SSL_CTX_new (TLS_client_method ());
|
SSL_CTX_set_min_proto_version(ssl_ctx, TLS1_1_VERSION);
|
||||||
SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2); break;
|
SSL_CTX_set_max_proto_version(ssl_ctx, TLS1_1_VERSION);
|
||||||
|
break;
|
||||||
|
#else
|
||||||
|
ssl_ctx = SSL_CTX_new (TLSv1_client_method ()); break;
|
||||||
|
SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_2); break;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
/* 6/TLSv1.2 */
|
||||||
|
case 6:
|
||||||
|
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
|
||||||
|
ssl_ctx = SSL_CTX_new (TLS_client_method ());
|
||||||
|
SSL_CTX_set_min_proto_version(ssl_ctx, TLS1_2_VERSION);
|
||||||
|
SSL_CTX_set_max_proto_version(ssl_ctx, TLS1_2_VERSION);
|
||||||
|
break;
|
||||||
|
#else
|
||||||
|
ssl_ctx = SSL_CTX_new (TLSv1_client_method ()); break;
|
||||||
|
SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1); break;
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
|
||||||
|
/* 7/TLSv1.3 */
|
||||||
|
ssl_ctx = SSL_CTX_new (TLS_client_method ());
|
||||||
|
SSL_CTX_set_min_proto_version(ssl_ctx, TLS1_3_VERSION);
|
||||||
|
SSL_CTX_set_max_proto_version(ssl_ctx, TLS1_3_VERSION);
|
||||||
|
break;
|
||||||
|
#endif
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!ssl_ctx) {
|
if (!ssl_ctx) {
|
||||||
@ -1272,9 +1307,11 @@ break;
|
|||||||
#ifndef OPENSSL_NO_SSL3
|
#ifndef OPENSSL_NO_SSL3
|
||||||
case 3: printf (" --ssl-protocol=SSLv3"); break;
|
case 3: printf (" --ssl-protocol=SSLv3"); break;
|
||||||
#endif
|
#endif
|
||||||
case 4: printf (" --ssl-protocol=TLSv1"); break;
|
case 4: printf (" --ssl-protocol=TLSv1.0"); break;
|
||||||
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
|
case 5: printf (" --ssl-protocol=TLSv1.1"); break;
|
||||||
case 5: printf (" --ssl-protocol=TLSv1_3"); break;
|
case 6: printf (" --ssl-protocol=TLSv1.2"); break;
|
||||||
|
#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
|
||||||
|
case 7: printf (" --ssl-protocol=TLSv1.3"); break;
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
Loading…
Reference in New Issue
Block a user