Module: sip-router
Branch: master
Commit: ea32bf9d3cf36c3562ca34d572bbf07ed144e105
URL:
http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=ea32bf9…
Author: Daniel-Constantin Mierla <miconda(a)gmail.com>
Committer: Daniel-Constantin Mierla <miconda(a)gmail.com>
Date: Sun Nov 3 12:55:08 2013 +0100
tls: extended supportd tls methods
- TLSv1.1 and TLSv1.2 (from openssl 1.0.1e on) added to the internal
list
---
modules/tls/tls_config.c | 18 ++++++++++++++----
modules/tls/tls_domain.h | 6 ++++++
modules/tls/tls_init.c | 16 +++++++++++++---
3 files changed, 33 insertions(+), 7 deletions(-)
diff --git a/modules/tls/tls_config.c b/modules/tls/tls_config.c
index 411446c..8742021 100644
--- a/modules/tls/tls_config.c
+++ b/modules/tls/tls_config.c
@@ -119,10 +119,12 @@ static int parse_ipv4(struct ip_addr* ip, cfg_token_t* token,
static cfg_option_t methods[] = {
- {"SSLv2", .val = TLS_USE_SSLv2},
- {"SSLv3", .val = TLS_USE_SSLv3},
- {"SSLv23", .val = TLS_USE_SSLv23},
- {"TLSv1", .val = TLS_USE_TLSv1},
+ {"SSLv2", .val = TLS_USE_SSLv2},
+ {"SSLv3", .val = TLS_USE_SSLv3},
+ {"SSLv23", .val = TLS_USE_SSLv23},
+ {"TLSv1", .val = TLS_USE_TLSv1},
+ {"TLSv1.1", .val = TLS_USE_TLSv1_1},
+ {"TLSv1.2", .val = TLS_USE_TLSv1_2},
{0}
};
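Review bot: The two new names in `methods[]` read like protocol floors, but judging by the `TLSv1_1_method()` / `TLSv1_2_method()` calls added in tls_init.c, each one pins a single protocol version, which is how OpenSSL's version-specific methods behave. An operator who sets `TLSv1.1` expecting "TLS 1.1 or newer" would lock out TLS 1.2 peers without any warning. I would add a comment above the table such as `/* every entry except SSLv23 selects exactly one protocol version, not a minimum */` and state the same in the module documentation.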
@@ -458,5 +460,13 @@ int tls_parse_method(str* method)
opt = cfg_lookup_token(methods, method);
if (!opt) return -1;
+#if OPENSSL_VERSION_NUMBER < 0x1000105fL
+ if(opt->val == TLS_USE_TLSv1_2) {
+ LM_ERR("tls v1.2 not supported by this libssl version: %ld\n",
+ OPENSSL_VERSION_NUMBER);
+ return -1;
+ }
+#endif
+
return opt->val;
}
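Review bot: The version guard in `tls_parse_method()` rejects only `TLS_USE_TLSv1_2`, so `TLSv1.1` is accepted on every libssl even though the `TLSv1_1_*_method()` calls in the `init_ssl_methods()` hunk of tls_init.c are compiled unconditionally. As far as I know those functions first appear in OpenSSL 1.0.1, so a build against an older libssl would fail at that point instead of giving the clean configuration error that TLSv1.2 gets. I would give TLSv1.1 its own guard here, as below, and wrap the three TLSv1.1 assignments in tls_init.c in the matching `#if`; the 0x1000100fL threshold is my reading of the 1.0.1 release number and should be confirmed. The function body starts outside this hunk.

```c
	if (!opt) return -1;
#if OPENSSL_VERSION_NUMBER < 0x1000100fL
	if(opt->val == TLS_USE_TLSv1_1) {
		LM_ERR("tls v1.1 not supported by this libssl version: %ld\n",
				OPENSSL_VERSION_NUMBER);
		return -1;
	}
#endif
	/* … unchanged: existing TLSv1.2 guard and return opt->val … */
```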
diff --git a/modules/tls/tls_domain.h b/modules/tls/tls_domain.h
index e4d1319..18afe47 100644
--- a/modules/tls/tls_domain.h
+++ b/modules/tls/tls_domain.h
@@ -48,6 +48,12 @@ enum tls_method {
TLS_USE_SSLv23_cli,
TLS_USE_SSLv23_srv,
TLS_USE_SSLv23,
+ TLS_USE_TLSv1_1_cli,
+ TLS_USE_TLSv1_1_srv,
+ TLS_USE_TLSv1_1,
+ TLS_USE_TLSv1_2_cli,
+ TLS_USE_TLSv1_2_srv,
+ TLS_USE_TLSv1_2,
TLS_METHOD_MAX
};
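Review bot: Nothing in `enum tls_method` says that its values double as array indices, yet the tls_init.c hunks size `ssl_methods[]` with `TLS_METHOD_MAX` and fill it at `value - 1`. A comment above the new entries, for example `/* values index ssl_methods[value - 1]; add new methods before TLS_METHOD_MAX */`, would keep a later insertion from shifting the table. The numeric order is also not a strength order (SSLv23 sits between TLSv1 and TLSv1.1), which is worth stating so that nobody compares methods with `<`. The enum begins outside this hunk.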
diff --git a/modules/tls/tls_init.c b/modules/tls/tls_init.c
index b629afa..4b55c40 100644
--- a/modules/tls/tls_init.c
+++ b/modules/tls/tls_init.c
@@ -132,7 +132,7 @@ to compile on the _target_ system)"
int openssl_kssl_malloc_bug=0; /* is openssl bug #1467 present ? */
#endif
-const SSL_METHOD* ssl_methods[TLS_USE_SSLv23 + 1];
+const SSL_METHOD* ssl_methods[TLS_METHOD_MAX];
#ifdef NO_TLS_MALLOC_DBG
#undef TLS_MALLOC_DBG /* extra malloc debug info from openssl */
@@ -350,14 +350,24 @@ static void init_ssl_methods(void)
ssl_methods[TLS_USE_SSLv3_cli - 1] = SSLv3_client_method();
ssl_methods[TLS_USE_SSLv3_srv - 1] = SSLv3_server_method();
ssl_methods[TLS_USE_SSLv3 - 1] = SSLv3_method();
-
+
ssl_methods[TLS_USE_TLSv1_cli - 1] = TLSv1_client_method();
ssl_methods[TLS_USE_TLSv1_srv - 1] = TLSv1_server_method();
ssl_methods[TLS_USE_TLSv1 - 1] = TLSv1_method();
-
+
ssl_methods[TLS_USE_SSLv23_cli - 1] = SSLv23_client_method();
ssl_methods[TLS_USE_SSLv23_srv - 1] = SSLv23_server_method();
ssl_methods[TLS_USE_SSLv23 - 1] = SSLv23_method();
+
+ ssl_methods[TLS_USE_TLSv1_1_cli - 1] = TLSv1_1_client_method();
+ ssl_methods[TLS_USE_TLSv1_1_srv - 1] = TLSv1_1_server_method();
+ ssl_methods[TLS_USE_TLSv1_1 - 1] = TLSv1_1_method();
+
+#if OPENSSL_VERSION_NUMBER >= 0x1000105fL
+ ssl_methods[TLS_USE_TLSv1_2_cli - 1] = TLSv1_2_client_method();
+ ssl_methods[TLS_USE_TLSv1_2_srv - 1] = TLSv1_2_server_method();
+ ssl_methods[TLS_USE_TLSv1_2 - 1] = TLSv1_2_method();
+#endif
}
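Review bot: When the `#if OPENSSL_VERSION_NUMBER >= 0x1000105fL` branch is compiled out, the three TLSv1.2 slots of `ssl_methods[]` are never assigned and stay NULL, since the array has static storage. `tls_parse_method()` blocks the config keyword `TLSv1.2` in that case, but any path that sets a `TLS_USE_TLSv1_2*` value another way would hand a NULL method to whatever consumes the table, and that consumer is not visible here. I would add an `#else` branch holding just the comment `/* TLSv1.2 unavailable: slots stay NULL, users of ssl_methods[] must check */`, and confirm that the consumer does check. The function starts outside this hunk.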