[sr-dev] git:master: tls: extended supportd tls methods

Daniel-Constantin Mierla miconda at gmail.com
Sun Nov 3 13:26:37 CET 2013


Module: sip-router
Branch: master
Commit: ea32bf9d3cf36c3562ca34d572bbf07ed144e105
URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=ea32bf9d3cf36c3562ca34d572bbf07ed144e105

Author: Daniel-Constantin Mierla <miconda at gmail.com>
Committer: Daniel-Constantin Mierla <miconda at gmail.com>
Date:   Sun Nov  3 12:55:08 2013 +0100

tls: extended supportd tls methods

- TLSv1.1 and TLSv1.2 (from openssl 1.0.1e on) added to the internal
  list

---

 modules/tls/tls_config.c |   18 ++++++++++++++----
 modules/tls/tls_domain.h |    6 ++++++
 modules/tls/tls_init.c   |   16 +++++++++++++---
 3 files changed, 33 insertions(+), 7 deletions(-)

diff --git a/modules/tls/tls_config.c b/modules/tls/tls_config.c
index 411446c..8742021 100644
--- a/modules/tls/tls_config.c
+++ b/modules/tls/tls_config.c
@@ -119,10 +119,12 @@ static int parse_ipv4(struct ip_addr* ip, cfg_token_t* token,
 
 
 static cfg_option_t methods[] = { 
-	{"SSLv2",  .val = TLS_USE_SSLv2},
-	{"SSLv3",  .val = TLS_USE_SSLv3},
-	{"SSLv23", .val = TLS_USE_SSLv23},
-	{"TLSv1",  .val = TLS_USE_TLSv1},
+	{"SSLv2",   .val = TLS_USE_SSLv2},
+	{"SSLv3",   .val = TLS_USE_SSLv3},
+	{"SSLv23",  .val = TLS_USE_SSLv23},
+	{"TLSv1",   .val = TLS_USE_TLSv1},
+	{"TLSv1.1", .val = TLS_USE_TLSv1_1},
+	{"TLSv1.2", .val = TLS_USE_TLSv1_2},
 	{0}
 };
 
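Review bot: The `methods` table carries no comment saying that every name except `SSLv23` maps to a fixed-version OpenSSL method, so an operator who configures `TLSv1.2` gets exactly TLSv1.2 rather than "1.2 or newer". I would add above the table `/* each name selects one fixed protocol version; only SSLv23 negotiates the highest version both peers support */`. `SSLv2` and `SSLv3` are still accepted with no deprecation remark; that predates this commit, but the same comment is a natural place to point deployments at the newer entries.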
@@ -458,5 +460,13 @@ int tls_parse_method(str* method)
     opt = cfg_lookup_token(methods, method);
     if (!opt) return -1;
 
+#if OPENSSL_VERSION_NUMBER < 0x1000105fL
+	if(opt->val == TLS_USE_TLSv1_2) {
+		LM_ERR("tls v1.2 not supported by this libssl version: %ld\n",
+				OPENSSL_VERSION_NUMBER);
+		return -1;
+	}
+#endif
+
     return opt->val;
 }
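Review bot: The threshold `0x1000105fL` is a bare literal repeated in this guard and in `init_ssl_methods` in tls_init.c, so the parser check and the method table can drift apart. A single macro in a shared header, under a name of your choosing, for instance `#define TLS_HAVE_TLSv1_2 (OPENSSL_VERSION_NUMBER >= 0x1000105fL)`, would keep both sites in step. The log line prints the version in decimal; `"... libssl version: 0x%lx\n"` with `(unsigned long)OPENSSL_VERSION_NUMBER` is easier to compare against OpenSSL's headers. The callers are outside the hunk, so it is worth confirming that they treat the `-1` as a fatal configuration error and do not continue with a default method. The function body starts above the hunk.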
diff --git a/modules/tls/tls_domain.h b/modules/tls/tls_domain.h
index e4d1319..18afe47 100644
--- a/modules/tls/tls_domain.h
+++ b/modules/tls/tls_domain.h
@@ -48,6 +48,12 @@ enum tls_method {
 	TLS_USE_SSLv23_cli,
 	TLS_USE_SSLv23_srv,
 	TLS_USE_SSLv23,
+	TLS_USE_TLSv1_1_cli,
+	TLS_USE_TLSv1_1_srv,
+	TLS_USE_TLSv1_1,
+	TLS_USE_TLSv1_2_cli,
+	TLS_USE_TLSv1_2_srv,
+	TLS_USE_TLSv1_2,
 	TLS_METHOD_MAX
 };
 
diff --git a/modules/tls/tls_init.c b/modules/tls/tls_init.c
index b629afa..4b55c40 100644
--- a/modules/tls/tls_init.c
+++ b/modules/tls/tls_init.c
@@ -132,7 +132,7 @@ to compile on the  _target_ system)"
 int openssl_kssl_malloc_bug=0; /* is openssl bug #1467 present ? */
 #endif
 
-const SSL_METHOD* ssl_methods[TLS_USE_SSLv23 + 1];
+const SSL_METHOD* ssl_methods[TLS_METHOD_MAX];
 
 #ifdef NO_TLS_MALLOC_DBG
 #undef TLS_MALLOC_DBG /* extra malloc debug info from openssl */
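Review bot: `ssl_methods` now has `TLS_METHOD_MAX` slots, but nothing documents how it is indexed or that some slots can stay empty. Going by `init_ssl_methods`, the index is the enum value minus one, and when the `#if` there excludes TLSv1.2 the three matching entries stay NULL because the array has static storage. A comment such as `/* indexed by (enum tls_method) - 1; entries for methods missing from the linked libssl are NULL */` would tell maintainers of the lookup code, which is outside this diff, to check for NULL before handing an entry to OpenSSL.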
@@ -350,14 +350,24 @@ static void init_ssl_methods(void)
 	ssl_methods[TLS_USE_SSLv3_cli - 1] = SSLv3_client_method();
 	ssl_methods[TLS_USE_SSLv3_srv - 1] = SSLv3_server_method();
 	ssl_methods[TLS_USE_SSLv3 - 1] = SSLv3_method();
-	
+
 	ssl_methods[TLS_USE_TLSv1_cli - 1] = TLSv1_client_method();
 	ssl_methods[TLS_USE_TLSv1_srv - 1] = TLSv1_server_method();
 	ssl_methods[TLS_USE_TLSv1 - 1] = TLSv1_method();
-	
+
 	ssl_methods[TLS_USE_SSLv23_cli - 1] = SSLv23_client_method();
 	ssl_methods[TLS_USE_SSLv23_srv - 1] = SSLv23_server_method();
 	ssl_methods[TLS_USE_SSLv23 - 1] = SSLv23_method();
+
+	ssl_methods[TLS_USE_TLSv1_1_cli - 1] = TLSv1_1_client_method();
+	ssl_methods[TLS_USE_TLSv1_1_srv - 1] = TLSv1_1_server_method();
+	ssl_methods[TLS_USE_TLSv1_1 - 1] = TLSv1_1_method();
+
+#if OPENSSL_VERSION_NUMBER >= 0x1000105fL
+	ssl_methods[TLS_USE_TLSv1_2_cli - 1] = TLSv1_2_client_method();
+	ssl_methods[TLS_USE_TLSv1_2_srv - 1] = TLSv1_2_server_method();
+	ssl_methods[TLS_USE_TLSv1_2 - 1] = TLSv1_2_method();
+#endif
 }
 
 
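Review bot: The three `TLSv1_1_*_method()` assignments are compiled unconditionally, while the TLSv1.2 ones directly below them sit behind a version check. As far as I know both families first appeared in OpenSSL 1.0.1, so a build against an older libssl would stop compiling here. Wrapping the TLSv1.1 lines in `#if OPENSSL_VERSION_NUMBER >= 0x10001000L` / `#endif`, and rejecting `TLSv1.1` in `tls_parse_method` under the inverse condition, would keep older builds working and stop the parser from accepting a method whose slot is empty. The start of `init_ssl_methods` is outside the hunk.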



