author | Glenn Strauss <gstrauss@gluelogic.com> | 2022-04-11 23:14:29 -0400 |
committer | Glenn Strauss <gstrauss@gluelogic.com> | 2022-04-11 23:14:29 -0400 |
commit | f3258cef1fe7c84d105ce43c0357c11afcd8a248 (patch) | |
tree | 49566a47ce2abc7454e3500443c575162a5f39f2 /src/mod_mbedtls.c | |
parent | 3795c6740c6348a37a41199ff6259389cf208bee (diff) | |
download | lighttpd-git-f3258cef1fe7c84d105ce43c0357c11afcd8a248.tar.gz |
[mod_mbedtls] use newer mbedtls 3.2.0+ interfaces
Diffstat (limited to 'src/mod_mbedtls.c')
-rw-r--r-- | src/mod_mbedtls.c | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/src/mod_mbedtls.c b/src/mod_mbedtls.c
index b6769384..1f034369 100644
--- a/src/mod_mbedtls.c
+++ b/src/mod_mbedtls.c
@@ -4170,6 +4170,7 @@ mod_mbedtls_ssl_conf_curves(server *srv, plugin_config_socket *s, const buffer *
 #endif /* MBEDTLS_VERSION_NUMBER >= 0x03010000 */ /* mbedtls 3.01.0 */
+#if MBEDTLS_VERSION_NUMBER < 0x03020000 /* mbedtls 3.02.0 */
 static void
 mod_mbedtls_ssl_conf_proto (server *srv, plugin_config_socket *s, const buffer *b, int max)
 {
@@ -4253,6 +4254,40 @@ mod_mbedtls_ssl_conf_proto (server *srv, plugin_config_socket *s, const buffer *
       ? mbedtls_ssl_conf_max_version(s->ssl_ctx,MBEDTLS_SSL_MAJOR_VERSION_3,v)
       : mbedtls_ssl_conf_min_version(s->ssl_ctx,MBEDTLS_SSL_MAJOR_VERSION_3,v);
 }
+#else /* MBEDTLS_VERSION_NUMBER >= 0x03020000 */ /* mbedtls 3.02.0 */
+static void
+mod_mbedtls_ssl_conf_proto (server *srv, plugin_config_socket *s, const buffer *b, int max)
+{
+    int v = MBEDTLS_SSL_VERSION_TLS1_2; /* default: TLS v1.2 */
+    if (NULL == b) /* default: min TLSv1.2, max TLSv1.3 */
+        v = max ? MBEDTLS_SSL_VERSION_TLS1_3 : MBEDTLS_SSL_VERSION_TLS1_2;
+    else if (buffer_eq_icase_slen(b, CONST_STR_LEN("None"))) /*"disable" limit*/
+        v = max ? MBEDTLS_SSL_VERSION_TLS1_3 : MBEDTLS_SSL_VERSION_TLS1_2;
+    else if (buffer_eq_icase_slen(b, CONST_STR_LEN("TLSv1.2")))
+        v = MBEDTLS_SSL_VERSION_TLS1_2;
+    else if (buffer_eq_icase_slen(b, CONST_STR_LEN("TLSv1.3")))
+        v = MBEDTLS_SSL_VERSION_TLS1_3;
+    else {
+        if (buffer_eq_icase_slen(b, CONST_STR_LEN("DTLSv1"))
+            || buffer_eq_icase_slen(b, CONST_STR_LEN("DTLSv1.2"))) {
+            log_error(srv->errh, __FILE__, __LINE__,
+                      "MTLS: ssl.openssl.ssl-conf-cmd %s %s ignored",
+                      max ? "MaxProtocol" : "MinProtocol", b->ptr);
+            return;
+        }
+        else {
+            log_error(srv->errh, __FILE__, __LINE__,
+                      "MTLS: ssl.openssl.ssl-conf-cmd %s %s invalid; ignored",
+                      max ? "MaxProtocol" : "MinProtocol", b->ptr);
+            return;
+        }
+    }
+
+    max
+      ? mbedtls_ssl_conf_max_tls_version(s->ssl_ctx, v)
+      : mbedtls_ssl_conf_min_tls_version(s->ssl_ctx, v);
+}
+#endif /* MBEDTLS_VERSION_NUMBER >= 0x03020000 */ /* mbedtls 3.02.0 */
 
 #if MBEDTLS_VERSION_NUMBER < 0x03000000 /* mbedtls 3.00.0 */
 #ifdef MBEDTLS_SSL_SERVER_NAME_INDICATION
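Review bot: In the new 3.2.0+ mod_mbedtls_ssl_conf_proto the `NULL == b` and `"None"` branches assign exactly the same value, so they can be folded into one condition, `if (NULL == b || buffer_eq_icase_slen(b, CONST_STR_LEN("None"))) /* default or "None": min TLSv1.2, max TLSv1.3 */`, and the `/* default: TLS v1.2 */` on the initializer is then clearly dead since every branch either reassigns `v` or returns. The function has no header comment; a short one saying that it applies the OpenSSL-style MinProtocol/MaxProtocol ssl-conf-cmd values (TLSv1.2, TLSv1.3 or None) through mbedtls_ssl_conf_min_tls_version/mbedtls_ssl_conf_max_tls_version, that DTLS values are logged and skipped, and that any other value is logged as invalid and leaves the existing bound untouched, would help a reader who lands on this branch without the pre-3.2.0 one above it. The `max ? f() : g();` with void operands is valid C but reads as an expression statement; `if (max) ... else ...` is the more conventional form, though the pre-3.2.0 version uses the same shape so keeping it is at least consistent.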