summaryrefslogtreecommitdiff
path: root/src/mod_mbedtls.c
diff options
context:
space:
mode:
authorGlenn Strauss <gstrauss@gluelogic.com>2022-04-11 23:14:29 -0400
committerGlenn Strauss <gstrauss@gluelogic.com>2022-04-11 23:14:29 -0400
commitf3258cef1fe7c84d105ce43c0357c11afcd8a248 (patch)
tree49566a47ce2abc7454e3500443c575162a5f39f2 /src/mod_mbedtls.c
parent3795c6740c6348a37a41199ff6259389cf208bee (diff)
downloadlighttpd-git-f3258cef1fe7c84d105ce43c0357c11afcd8a248.tar.gz
[mod_mbedtls] use newer mbedtls 3.2.0+ interfaces
Diffstat (limited to 'src/mod_mbedtls.c')
-rw-r--r--src/mod_mbedtls.c35
1 files changed, 35 insertions, 0 deletions
diff --git a/src/mod_mbedtls.c b/src/mod_mbedtls.c
index b6769384..1f034369 100644
--- a/src/mod_mbedtls.c
+++ b/src/mod_mbedtls.c
@@ -4170,6 +4170,7 @@ mod_mbedtls_ssl_conf_curves(server *srv, plugin_config_socket *s, const buffer *
#endif /* MBEDTLS_VERSION_NUMBER >= 0x03010000 */ /* mbedtls 3.01.0 */
+#if MBEDTLS_VERSION_NUMBER < 0x03020000 /* mbedtls 3.02.0 */
static void
mod_mbedtls_ssl_conf_proto (server *srv, plugin_config_socket *s, const buffer *b, int max)
{
@@ -4253,6 +4254,40 @@ mod_mbedtls_ssl_conf_proto (server *srv, plugin_config_socket *s, const buffer *
? mbedtls_ssl_conf_max_version(s->ssl_ctx,MBEDTLS_SSL_MAJOR_VERSION_3,v)
: mbedtls_ssl_conf_min_version(s->ssl_ctx,MBEDTLS_SSL_MAJOR_VERSION_3,v);
}
+#else /* MBEDTLS_VERSION_NUMBER >= 0x03020000 */ /* mbedtls 3.02.0 */
+static void
+mod_mbedtls_ssl_conf_proto (server *srv, plugin_config_socket *s, const buffer *b, int max)
+{
+ int v = MBEDTLS_SSL_VERSION_TLS1_2; /* default: TLS v1.2 */
+ if (NULL == b) /* default: min TLSv1.2, max TLSv1.3 */
+ v = max ? MBEDTLS_SSL_VERSION_TLS1_3 : MBEDTLS_SSL_VERSION_TLS1_2;
+ else if (buffer_eq_icase_slen(b, CONST_STR_LEN("None"))) /*"disable" limit*/
+ v = max ? MBEDTLS_SSL_VERSION_TLS1_3 : MBEDTLS_SSL_VERSION_TLS1_2;
+ else if (buffer_eq_icase_slen(b, CONST_STR_LEN("TLSv1.2")))
+ v = MBEDTLS_SSL_VERSION_TLS1_2;
+ else if (buffer_eq_icase_slen(b, CONST_STR_LEN("TLSv1.3")))
+ v = MBEDTLS_SSL_VERSION_TLS1_3;
+ else {
+ if (buffer_eq_icase_slen(b, CONST_STR_LEN("DTLSv1"))
+ || buffer_eq_icase_slen(b, CONST_STR_LEN("DTLSv1.2"))) {
+ log_error(srv->errh, __FILE__, __LINE__,
+ "MTLS: ssl.openssl.ssl-conf-cmd %s %s ignored",
+ max ? "MaxProtocol" : "MinProtocol", b->ptr);
+ return;
+ }
+ else {
+ log_error(srv->errh, __FILE__, __LINE__,
+ "MTLS: ssl.openssl.ssl-conf-cmd %s %s invalid; ignored",
+ max ? "MaxProtocol" : "MinProtocol", b->ptr);
+ return;
+ }
+ }
+
+ max
+ ? mbedtls_ssl_conf_max_tls_version(s->ssl_ctx, v)
+ : mbedtls_ssl_conf_min_tls_version(s->ssl_ctx, v);
+}
+#endif /* MBEDTLS_VERSION_NUMBER >= 0x03020000 */ /* mbedtls 3.02.0 */
#if MBEDTLS_VERSION_NUMBER < 0x03000000 /* mbedtls 3.00.0 */
#ifdef MBEDTLS_SSL_SERVER_NAME_INDICATION
View Lorry Controller Status