diff options
Diffstat (limited to 'common/ssl_calls.c')
| -rw-r--r-- | common/ssl_calls.c | 81 |
1 files changed, 80 insertions, 1 deletions
diff --git a/common/ssl_calls.c b/common/ssl_calls.c index 0362f668..a741ef92 100644 --- a/common/ssl_calls.c +++ b/common/ssl_calls.c @@ -37,6 +37,7 @@ #include "arch.h" #include "ssl_calls.h" #include "trans.h" +#include "log.h" #define SSL_WANT_READ_WRITE_TIMEOUT 100 @@ -829,7 +830,6 @@ ssl_tls_can_recv(struct ssl_tls *tls, int sck, int millis) return g_sck_can_recv(sck, millis); } - /*****************************************************************************/ const char * ssl_get_version(const struct ssl_st *ssl) @@ -843,3 +843,82 @@ ssl_get_cipher_name(const struct ssl_st *ssl) { return SSL_get_cipher_name(ssl); } + +/*****************************************************************************/ +int +ssl_get_protocols_from_string(const char *str, long *ssl_protocols) +{ + long protocols; + long bad_protocols; + int rv; + + if ((str == NULL) || (ssl_protocols == NULL)) + { + return 1; + } + rv = 0; + protocols = 0; +#if defined(SSL_OP_NO_SSLv3) + protocols |= SSL_OP_NO_SSLv3; +#endif +#if defined(SSL_OP_NO_TLSv1) + protocols |= SSL_OP_NO_TLSv1; +#endif +#if defined(SSL_OP_NO_TLSv1_1) + protocols |= SSL_OP_NO_TLSv1_1; +#endif +#if defined(SSL_OP_NO_TLSv1_2) + protocols |= SSL_OP_NO_TLSv1_2; +#endif + bad_protocols = protocols; + if (g_pos(str, ",TLSv1.2,") >= 0) + { +#if defined(SSL_OP_NO_TLSv1_2) + log_message(LOG_LEVEL_DEBUG, "TLSv1.2 enabled"); + protocols &= ~SSL_OP_NO_TLSv1_2; +#else + log_message(LOG_LEVEL_DEBUG, "TLSv1.2 not enabled, not available"); + rv |= (1 << 1); +#endif + } + if (g_pos(str, ",TLSv1.1,") >= 0) + { +#if defined(SSL_OP_NO_TLSv1_1) + log_message(LOG_LEVEL_DEBUG, "TLSv1.1 enabled"); + protocols &= ~SSL_OP_NO_TLSv1_1; +#else + log_message(LOG_LEVEL_DEBUG, "TLSv1.1 not enabled, not available"); + rv |= (1 << 2); +#endif + } + if (g_pos(str, ",TLSv1,") >= 0) + { +#if defined(SSL_OP_NO_TLSv1) + log_message(LOG_LEVEL_DEBUG, "TLSv1 enabled"); + protocols &= ~SSL_OP_NO_TLSv1; +#else + log_message(LOG_LEVEL_DEBUG, "TLSv1 not enabled, not available"); + rv |= (1 << 3); +#endif + } + if (g_pos(str, ",SSLv3,") >= 0) + { +#if defined(SSL_OP_NO_SSLv3) + log_message(LOG_LEVEL_DEBUG, "SSLv3 enabled"); + protocols &= ~SSL_OP_NO_SSLv3; +#else + log_message(LOG_LEVEL_DEBUG, "SSLv3 not enabled, not available"); + rv |= (1 << 4); +#endif + } + if (protocols == bad_protocols) + { + log_message(LOG_LEVEL_WARNING, "No SSL/TLS protocols enabled. " + "At least one protocol should be enabled to accept " + "TLS connections."); + rv |= (1 << 5); + } + *ssl_protocols = protocols; + return rv; +} + |