Diffstat (limited to 'libextra/gnutls_openssl.c')
-rw-r--r--libextra/gnutls_openssl.c43
1 files changed, 30 insertions, 13 deletions
diff --git a/libextra/gnutls_openssl.c b/libextra/gnutls_openssl.c
index 601e547bd1..b61c3be822 100644
--- a/libextra/gnutls_openssl.c
+++ b/libextra/gnutls_openssl.c
@@ -20,7 +20,7 @@
#include <gcrypt.h>
#include <stdio.h>
#include <stdlib.h>
-#include "gnutls-openssl.h"
+#include "openssl.h"
static int last_error = 0;
@@ -135,7 +135,7 @@ SSL *SSL_new(SSL_CTX *ctx)
if (ctx->keyfile)
gnutls_certificate_set_x509_key_file(ssl->gnutls_cred, ctx->certfile,
ctx->keyfile, ctx->keyfile_type);
-
+ ssl->ctx = ctx;
ssl->verify_mode = ctx->verify_mode;
ssl->verify_callback = ctx->verify_callback;
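Review bot: The new `ssl->ctx = ctx;` in SSL_new stores a borrowed pointer, and nothing visible in this hunk takes a reference on the context. SSL_connect later dereferences `ssl->ctx->method`, so a context freed before its SSL objects would leave that pointer dangling. If the compat layer keeps no reference count, I would document the requirement next to the assignment, for example `/* borrowed: ctx must outlive ssl, SSL_connect reads ctx->method */`. SSL_new's body starts and ends outside the hunk.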
@@ -197,6 +197,26 @@ int SSL_connect(SSL *ssl)
X509_STORE_CTX *store;
int cert_list_size = 0;
int err;
+ int i, j;
+ int x_priority[GNUTLS_MAX_ALGORITHM_NUM];
+ /* take options into account before connecting */
+
+ if (ssl->options & SSL_OP_NO_TLSv1)
+ {
+ for (i=0, j=0;
+ i < GNUTLS_MAX_ALGORITHM_NUM && x_priority[i] != 0;
+ i++, j++)
+ {
+ if (ssl->ctx->method->protocol_priority[j] == GNUTLS_TLS1)
+ j++;
+ else
+ x_priority[i] = ssl->ctx->method->protocol_priority[j];
+ }
+ if (i < GNUTLS_MAX_ALGORITHM_NUM)
+ x_priority[i] = 0;
+ gnutls_protocol_set_priority (ssl->gnutls_state,
+ ssl->ctx->method->protocol_priority);
+ }
err = gnutls_handshake(ssl->gnutls_state);
ssl->last_error = err;
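Review bot: The SSL_OP_NO_TLSv1 branch added to SSL_connect does not actually exclude TLS 1.0. The loop condition reads `x_priority[i]` before anything has been stored in it, the TLS1 case advances `j` twice while leaving `x_priority[i]` unset, and the final call passes the unfiltered `ssl->ctx->method->protocol_priority` instead of `x_priority`. An application that sets the option therefore still handshakes with the original protocol list. The loop should be driven by the source list's terminator and the filtered array handed to gnutls_protocol_set_priority, as below; this assumes protocol_priority is zero-terminated and no longer than GNUTLS_MAX_ALGORITHM_NUM, which the hunk does not show. SSL_connect's body starts and ends outside the hunk.

```c
    if (ssl->options & SSL_OP_NO_TLSv1)
    {
        /* copy the method's priority list, leaving out TLS 1.0;
           i <= j, so the terminator below always fits */
        for (i = 0, j = 0;
             j < GNUTLS_MAX_ALGORITHM_NUM - 1 &&
             ssl->ctx->method->protocol_priority[j] != 0;
             j++)
        {
            if (ssl->ctx->method->protocol_priority[j] != GNUTLS_TLS1)
                x_priority[i++] = ssl->ctx->method->protocol_priority[j];
        }
        x_priority[i] = 0;
        gnutls_protocol_set_priority (ssl->gnutls_state, x_priority);
    }
    /* … unchanged: gnutls_handshake call and last_error update … */
```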
@@ -314,20 +334,17 @@ SSL_METHOD *SSLv23_client_method(void)
SSL_CIPHER *SSL_get_current_cipher(SSL *ssl)
{
- SSL_CIPHER *sslc;
-
- sslc = (SSL_CIPHER *)calloc(1, sizeof(SSL_CIPHER));
- if (!sslc)
+ if (!ssl)
return NULL;
- sslc->version = gnutls_protocol_get_version(ssl->gnutls_state);
- sslc->cipher = gnutls_cipher_get(ssl->gnutls_state);
- sslc->kx = gnutls_kx_get(ssl->gnutls_state);
- sslc->mac = gnutls_mac_get(ssl->gnutls_state);
- sslc->compression = gnutls_compression_get(ssl->gnutls_state);
- sslc->cert = gnutls_cert_type_get(ssl->gnutls_state);
+ ssl->ciphersuite.version = gnutls_protocol_get_version(ssl->gnutls_state);
+ ssl->ciphersuite.cipher = gnutls_cipher_get(ssl->gnutls_state);
+ ssl->ciphersuite.kx = gnutls_kx_get(ssl->gnutls_state);
+ ssl->ciphersuite.mac = gnutls_mac_get(ssl->gnutls_state);
+ ssl->ciphersuite.compression = gnutls_compression_get(ssl->gnutls_state);
+ ssl->ciphersuite.cert = gnutls_cert_type_get(ssl->gnutls_state);
- return sslc;
+ return &(ssl->ciphersuite);
}
const char *SSL_CIPHER_get_name(SSL_CIPHER *cipher)
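Review bot: SSL_get_current_cipher now returns `&(ssl->ciphersuite)`, which changes the ownership contract without documenting it. A caller written against the old calloc-based version that frees the result would now call free() on a pointer into the SSL object. The pointer also becomes invalid once the SSL object is released, and each call overwrites the values seen through a previously returned pointer. I would add a comment above the function such as `/* Returns a pointer into ssl; do not free it, and do not use it after the SSL object is freed. */`. Existing callers are not visible here and should be checked for a free() of the result.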