*
*/
-#ifdef REF_CHECK
-# include <assert.h>
-#endif
#include <stdio.h>
#include "ssl_locl.h"
#include <openssl/conf.h>
int version;
};
static const struct protocol_versions versions[] = {
+ {"None", 0},
{"SSLv3", SSL3_VERSION},
{"TLSv1", TLS1_VERSION},
{"TLSv1.1", TLS1_1_VERSION},
return -1;
}
+static int min_max_proto(SSL_CONF_CTX *cctx, const char *value, int *bound)
+{
+ int method_version;
+ int new_version;
+
+ if (cctx->ctx != NULL)
+ method_version = cctx->ctx->method->version;
+ else if (cctx->ssl != NULL)
+ method_version = cctx->ssl->ctx->method->version;
+ else
+ return 0;
+ if ((new_version = protocol_from_string(value)) < 0)
+ return 0;
+ return ssl_set_version_bound(method_version, new_version, bound);
+}
+
/*
* cmd_MinProtocol - Set min protocol version
* @cctx: config structure to save settings in
*/
static int cmd_MinProtocol(SSL_CONF_CTX *cctx, const char *value)
{
- int version = protocol_from_string(value);
-
- if (version < 0)
- return 0;
-
- *(cctx->min_version) = version;
- return 1;
+ return min_max_proto(cctx, value, cctx->min_version);
}
/*
*/
static int cmd_MaxProtocol(SSL_CONF_CTX *cctx, const char *value)
{
- int version = protocol_from_string(value);
-
- if (version < 0)
- return 0;
-
- *(cctx->max_version) = version;
- return 1;
+ return min_max_proto(cctx, value, cctx->max_version);
}
static int cmd_Options(SSL_CONF_CTX *cctx, const char *value)
SSL_CONF_CMD_SWITCH("no_tls1_2", 0),
SSL_CONF_CMD_SWITCH("bugs", 0),
SSL_CONF_CMD_SWITCH("no_comp", 0),
+ SSL_CONF_CMD_SWITCH("comp", 0),
SSL_CONF_CMD_SWITCH("ecdh_single", SSL_CONF_FLAG_SERVER),
SSL_CONF_CMD_SWITCH("no_ticket", 0),
SSL_CONF_CMD_SWITCH("serverpref", SSL_CONF_FLAG_SERVER),
SSL_CONF_CMD_SWITCH("no_resumption_on_reneg", SSL_CONF_FLAG_SERVER),
SSL_CONF_CMD_SWITCH("no_legacy_server_connect", SSL_CONF_FLAG_SERVER),
SSL_CONF_CMD_SWITCH("strict", 0),
-#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
- SSL_CONF_CMD_SWITCH("debug_broken_protocol", 0),
-#endif
SSL_CONF_CMD_STRING(SignatureAlgorithms, "sigalgs", 0),
SSL_CONF_CMD_STRING(ClientSignatureAlgorithms, "client_sigalgs", 0),
SSL_CONF_CMD_STRING(Curves, "curves", 0),
{SSL_OP_NO_TLSv1_2, 0}, /* no_tls1_2 */
{SSL_OP_ALL, 0}, /* bugs */
{SSL_OP_NO_COMPRESSION, 0}, /* no_comp */
+ {SSL_OP_NO_COMPRESSION, SSL_TFLAG_INV}, /* comp */
{SSL_OP_SINGLE_ECDH_USE, 0}, /* ecdh_single */
{SSL_OP_NO_TICKET, 0}, /* no_ticket */
{SSL_OP_CIPHER_SERVER_PREFERENCE, 0}, /* serverpref */
/* no_legacy_server_connect */
{SSL_OP_LEGACY_SERVER_CONNECT, SSL_TFLAG_INV},
{SSL_CERT_FLAG_TLS_STRICT, SSL_TFLAG_CERT}, /* strict */
-#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
- {SSL_CERT_FLAG_BROKEN_PROTOCOL, SSL_TFLAG_CERT} /* debug_broken_protocol */
-#endif
};
static int ssl_conf_cmd_skip_prefix(SSL_CONF_CTX *cctx, const char **pcmd)