author | Stefan Teleman <stefan.teleman@oracle.com> |
Wed, 08 Apr 2015 14:38:53 -0700 | |
changeset 4070 | de7938d475ad |
child 4289 | a8f2d3273985 |
permissions | -rw-r--r-- |
# Disable SSLv2, SSLv3 and TLSv1.0. |
# Internal patch. Not a chance it will be accepted upstream. |
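--- src/ne_openssl.c 2014-09-20 11:59:52.000000000 -0700
+++ src/ne_openssl.c 2015-04-03 13:40:17.212657899 -0700
@@ -560,7 +560,7 @@
 {
 ne_ssl_context *ctx = ne_calloc(sizeof *ctx);
 if (mode == NE_SSL_CTX_CLIENT) {
- ctx->ctx = SSL_CTX_new(SSLv23_client_method());
+ ctx->ctx = SSL_CTX_new(TLSv1_1_client_method());
 ctx->sess = NULL;
 /* set client cert callback. */
 SSL_CTX_set_client_cert_cb(ctx->ctx, provide_client_cert);
@@ -568,7 +568,7 @@
 SSL_CTX_set_options(ctx->ctx, SSL_OP_ALL);
 SSL_CTX_set_verify(ctx->ctx, SSL_VERIFY_PEER, verify_callback);
 } else if (mode == NE_SSL_CTX_SERVER) {
- ctx->ctx = SSL_CTX_new(SSLv23_server_method());
+ ctx->ctx = SSL_CTX_new(TLSv1_1_server_method());
 SSL_CTX_set_session_cache_mode(ctx->ctx, SSL_SESS_CACHE_CLIENT);
 #ifdef SSL_OP_NO_TICKET
 /* disable ticket support since it inhibits testing of session
@@ -590,6 +590,8 @@
 void ne_ssl_context_set_flag(ne_ssl_context *ctx, int flag, int value)
 {
 long opts = SSL_CTX_get_options(ctx->ctx);
+ opts |= SSL_OP_NO_SSLv2;
+ opts |= SSL_OP_NO_SSLv3;
 
 switch (flag) {
 case NE_SSL_CTX_SSLv2: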
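Review bot: `TLSv1_1_client_method()` and `TLSv1_1_server_method()` in the first two hunks are fixed-version methods, so the context will negotiate TLS 1.1 only and TLS 1.2 is switched off together with the older protocols, which goes further than the patch's stated aim of disabling SSLv2, SSLv3 and TLSv1.0. Keeping the version-flexible `SSLv23_client_method()` / `SSLv23_server_method()` and masking the old protocols straight after `SSL_CTX_new()` leaves TLS 1.2 negotiable: `SSL_CTX_set_options(ctx->ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1);`. In the third hunk the two `opts |=` lines take effect only if a caller invokes `ne_ssl_context_set_flag()`, and they sit before the `switch`, so the `NE_SSL_CTX_SSLv2` case may still clear `SSL_OP_NO_SSLv2` afterwards; that case body is outside the hunk, so this needs checking against the full function. The context-creation function in the first two hunks also starts and ends outside the visible lines.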