
[mod_wolfssl] use wolfSSL TLS version defines

now that mod_wolfssl is a standalone module, use wolfSSL TLS ver defines

(Increase compatibility of mod_wolfssl with wolfSSL versions prior to
 wolfSSL v4.2.0)
master
Glenn Strauss 6 months ago
parent
commit
6cf92dffe3
  1. 44
      src/mod_wolfssl.c

44
src/mod_wolfssl.c

@ -1052,7 +1052,6 @@ ssl_info_callback (const SSL *ssl, int where, int ret)
handler_ctx *hctx = (handler_ctx *) SSL_get_app_data(ssl);
if (hctx->renegotiations >= 0) ++hctx->renegotiations;
}
#ifdef TLS1_3_VERSION
/* https://github.com/openssl/openssl/issues/5721
* "TLSv1.3 unexpected InfoCallback after handshake completed" */
if (0 != (where & SSL_CB_HANDSHAKE_DONE)) {
@ -1066,7 +1065,6 @@ ssl_info_callback (const SSL *ssl, int where, int ret)
hctx->renegotiations = -1;
}
}
#endif
}
/* https://wiki.openssl.org/index.php/Manual:SSL_CTX_set_verify(3)#EXAMPLES */
@ -3250,32 +3248,21 @@ static int
mod_openssl_ssl_conf_proto_val (server *srv, plugin_config_socket *s, const buffer *b, int max)
{
if (NULL == b) /* default: min TLSv1.2, max TLSv1.3 */
#ifdef TLS1_3_VERSION
return max ? TLS1_3_VERSION : TLS1_2_VERSION;
#else
return TLS1_2_VERSION;
#endif
return max ? WOLFSSL_TLSV1_3 : WOLFSSL_TLSV1_2;
else if (buffer_eq_icase_slen(b, CONST_STR_LEN("None"))) /*"disable" limit*/
return max
?
#ifdef TLS1_3_VERSION
TLS1_3_VERSION
#else
TLS1_2_VERSION
#endif
: (s->ssl_use_sslv3 ? SSL3_VERSION : TLS1_VERSION);
? WOLFSSL_TLSV1_3
: (s->ssl_use_sslv3 ? WOLFSSL_SSLV3 : WOLFSSL_TLSV1);
else if (buffer_eq_icase_slen(b, CONST_STR_LEN("SSLv3")))
return SSL3_VERSION;
return WOLFSSL_SSLV3;
else if (buffer_eq_icase_slen(b, CONST_STR_LEN("TLSv1.0")))
return TLS1_VERSION;
return WOLFSSL_TLSV1;
else if (buffer_eq_icase_slen(b, CONST_STR_LEN("TLSv1.1")))
return TLS1_1_VERSION;
return WOLFSSL_TLSV1_1;
else if (buffer_eq_icase_slen(b, CONST_STR_LEN("TLSv1.2")))
return TLS1_2_VERSION;
#ifdef TLS1_3_VERSION
return WOLFSSL_TLSV1_2;
else if (buffer_eq_icase_slen(b, CONST_STR_LEN("TLSv1.3")))
return TLS1_3_VERSION;
#endif
return WOLFSSL_TLSV1_3;
else {
if (buffer_eq_icase_slen(b, CONST_STR_LEN("DTLSv1"))
|| buffer_eq_icase_slen(b, CONST_STR_LEN("DTLSv1.2")))
@ -3287,11 +3274,7 @@ mod_openssl_ssl_conf_proto_val (server *srv, plugin_config_socket *s, const buff
"SSL: ssl.openssl.ssl-conf-cmd %s %s invalid; ignored",
max ? "MaxProtocol" : "MinProtocol", b->ptr);
}
#ifdef TLS1_3_VERSION
return max ? TLS1_3_VERSION : TLS1_2_VERSION;
#else
return TLS1_2_VERSION;
#endif
return max ? WOLFSSL_TLSV1_3 : WOLFSSL_TLSV1_2;
}
@ -3398,15 +3381,6 @@ mod_openssl_ssl_conf_cmd (server *srv, plugin_config_socket *s)
if (minb) {
int n = mod_openssl_ssl_conf_proto_val(srv, s, minb, 0);
/*(wolfSSL_CTX_SetMinVersion() alt uses enums with different values)*/
switch (n) {
case SSL3_VERSION: n = WOLFSSL_SSLV3; break;
case TLS1_VERSION: n = WOLFSSL_TLSV1; break;
case TLS1_1_VERSION: n = WOLFSSL_TLSV1_1; break;
case TLS1_2_VERSION: n = WOLFSSL_TLSV1_2; break;
case TLS1_3_VERSION: n = WOLFSSL_TLSV1_3; break;
default: rc = -1; break;
}
if (wolfSSL_CTX_SetMinVersion(s->ssl_ctx, n) != WOLFSSL_SUCCESS)
rc = -1;
}
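Review bot: mod_openssl_ssl_conf_proto_val() now returns wolfSSL's WOLFSSL_* enum values rather than the OpenSSL-compat *_VERSION numbers, and with the translating switch and its comment gone from mod_openssl_ssl_conf_cmd() nothing on the new side records that. I would put a one-line comment above the function, e.g. `/* returns WOLFSSL_SSLV3..WOLFSSL_TLSV1_3 enum values as taken by wolfSSL_CTX_SetMinVersion(), not OpenSSL-compat *_VERSION values */`. Only the MinProtocol caller is visible here, so any other user of the return value (the MaxProtocol path, if it feeds an OpenSSL-compat API) should be checked for a matching conversion; a mismatched constant there could select a different protocol bound than the one configured. The "TLSv1.3" branch is also no longer conditional, so on a wolfSSL build without TLS 1.3 the outcome presumably depends on wolfSSL_CTX_SetMinVersion() rejecting the value and setting `rc = -1`, which is worth confirming. Both functions extend beyond the hunks shown.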
