authorMike Blumenkrantz <michael.blumenkrantz@gmail.com>2010-09-18 08:36:13 +0000
committerMike Blumenkrantz <michael.blumenkrantz@gmail.com>2010-09-18 08:36:13 +0000
commita8ef623de7b70fc81300279aea56c08d8b870e0e (patch)
tree2a74bbbb827270c67c89de95d8a6e7ae7a5b9439 /legacy/ecore/src/lib
parent4dcae856ead0bc2cd1c1261e1b3264bd3f373d73 (diff)
allow mixing sslv3+tlsv1 in openssl, FINALLY FIX INITIAL BUG FOR OPENSSL SERVERS!
note that openssl servers still do not work because there is more than one bug :/ SVN revision: 52411
Diffstat (limited to 'legacy/ecore/src/lib')
-rw-r--r--legacy/ecore/src/lib/ecore_con/ecore_con_ssl.c52
1 files changed, 24 insertions, 28 deletions
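diff --git a/legacy/ecore/src/lib/ecore_con/ecore_con_ssl.c b/legacy/ecore/src/lib/ecore_con/ecore_con_ssl.c
index 41bee14422..53c4e113eb 100644
--- a/legacy/ecore/src/lib/ecore_con/ecore_con_ssl.c
+++ b/legacy/ecore/src/lib/ecore_con/ecore_con_ssl.c
@@ -717,44 +717,38 @@ _ecore_con_ssl_server_prepare_openssl(Ecore_Con_Server *svr)
 static Ecore_Con_Ssl_Error
 _ecore_con_ssl_server_init_openssl(Ecore_Con_Server *svr)
 {
+long options;
+
 switch (svr->type & ECORE_CON_SSL)
 {
 case ECORE_CON_USE_SSL2:
 case ECORE_CON_USE_SSL2 | ECORE_CON_LOAD_CERT:
 /* Unsafe version of SSL */
-if (!(svr->ssl_ctx =
-SSL_CTX_new(SSLv2_client_method())))
-return
-ECORE_CON_SSL_ERROR_SERVER_INIT_FAILED;
-
+SSL_ERROR_CHECK_GOTO_ERROR(!(svr->ssl_ctx = SSL_CTX_new(SSLv2_client_method())));
 break;
 
 case ECORE_CON_USE_SSL3:
 case ECORE_CON_USE_SSL3 | ECORE_CON_LOAD_CERT:
-if (!(svr->ssl_ctx =
-SSL_CTX_new(SSLv3_client_method())))
-return
-ECORE_CON_SSL_ERROR_SERVER_INIT_FAILED;
-
+SSL_ERROR_CHECK_GOTO_ERROR(!(svr->ssl_ctx = SSL_CTX_new(SSLv3_client_method())));
 break;
 
 case ECORE_CON_USE_TLS:
 case ECORE_CON_USE_TLS | ECORE_CON_LOAD_CERT:
-if (!(svr->ssl_ctx =
-SSL_CTX_new(TLSv1_client_method())))
-return
-ECORE_CON_SSL_ERROR_SERVER_INIT_FAILED;
+SSL_ERROR_CHECK_GOTO_ERROR(!(svr->ssl_ctx = SSL_CTX_new(TLSv1_client_method())));
+break;
 
+case ECORE_CON_USE_SSL3 | ECORE_CON_USE_TLS:
+case ECORE_CON_USE_SSL3 | ECORE_CON_USE_TLS | ECORE_CON_LOAD_CERT:
+SSL_ERROR_CHECK_GOTO_ERROR(!(svr->ssl_ctx = SSL_CTX_new(SSLv23_client_method())));
+options = SSL_CTX_get_options(svr->ssl_ctx);
+SSL_CTX_set_options(svr->ssl_ctx, options | SSL_OP_NO_SSLv2);
 break;
 
 default:
 return ECORE_CON_SSL_ERROR_NONE;
 }
-if (!(svr->ssl = SSL_new(svr->ssl_ctx)))
-{
-SSL_CTX_free(svr->ssl_ctx);
-return ECORE_CON_SSL_ERROR_SERVER_INIT_FAILED;
-}
+
+SSL_ERROR_CHECK_GOTO_ERROR(!(svr->ssl = SSL_new(svr->ssl_ctx)));
 
 if ((server_cert) && (server_cert->cert) &&
 ((svr->type & ECORE_CON_SSL) & ECORE_CON_LOAD_CERT) == ECORE_CON_LOAD_CERT)
@@ -959,28 +953,30 @@ _ecore_con_ssl_client_prepare_openssl(Ecore_Con_Client *cl)
 static Ecore_Con_Ssl_Error
 _ecore_con_ssl_client_init_openssl(Ecore_Con_Client *cl)
 {
+long options;
+
 switch (cl->server->type & ECORE_CON_SSL)
 {
 case ECORE_CON_USE_SSL2:
 case ECORE_CON_USE_SSL2 | ECORE_CON_LOAD_CERT:
 /* Unsafe version of SSL */
-if (!(cl->ssl_ctx = SSL_CTX_new(SSLv2_client_method())))
-return ECORE_CON_SSL_ERROR_SERVER_INIT_FAILED;
-
-break;
+SSL_ERROR_CHECK_GOTO_ERROR(!(cl->ssl_ctx = SSL_CTX_new(SSLv2_server_method())));
 
 case ECORE_CON_USE_SSL3:
 case ECORE_CON_USE_SSL3 | ECORE_CON_LOAD_CERT:
-if (!(cl->ssl_ctx = SSL_CTX_new(SSLv3_client_method())))
-return ECORE_CON_SSL_ERROR_SERVER_INIT_FAILED;
-
+SSL_ERROR_CHECK_GOTO_ERROR(!(cl->ssl_ctx = SSL_CTX_new(SSLv3_server_method())));
 break;
 
 case ECORE_CON_USE_TLS:
 case ECORE_CON_USE_TLS | ECORE_CON_LOAD_CERT:
-if (!(cl->ssl_ctx = SSL_CTX_new(TLSv1_client_method())))
-return ECORE_CON_SSL_ERROR_SERVER_INIT_FAILED;
+SSL_ERROR_CHECK_GOTO_ERROR(!(cl->ssl_ctx = SSL_CTX_new(TLSv1_server_method())));
+break;
 
+case ECORE_CON_USE_SSL3 | ECORE_CON_USE_TLS:
+case ECORE_CON_USE_SSL3 | ECORE_CON_USE_TLS | ECORE_CON_LOAD_CERT:
+SSL_ERROR_CHECK_GOTO_ERROR(!(cl->ssl_ctx = SSL_CTX_new(SSLv23_server_method())));
+options = SSL_CTX_get_options(cl->ssl_ctx);
+SSL_CTX_set_options(cl->ssl_ctx, options | SSL_OP_NO_SSLv2);
 break;
 
 default: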
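Review bot: In `_ecore_con_ssl_client_init_openssl` the `ECORE_CON_USE_SSL2` case loses its `break;`: the old `break;` is removed and the new `SSL_ERROR_CHECK_GOTO_ERROR(!(cl->ssl_ctx = SSL_CTX_new(SSLv2_server_method())));` line is followed directly by `case ECORE_CON_USE_SSL3:`. Assuming the macro only jumps on failure (its definition is not visible here), a successfully created SSLv2 context falls through, is overwritten by `SSL_CTX_new(SSLv3_server_method())` and leaks, and the connection is set up with a different protocol than the one configured; add `break;` after the SSLv2 line, as `_ecore_con_ssl_server_init_openssl` does. Separately, the new `SSLv23_*_method()` branches in both functions clear only SSLv2 via `SSL_OP_NO_SSLv2`, so SSLv3 remains negotiable; a comment such as `/* SSLv3 deliberately left enabled for ECORE_CON_USE_SSL3 | ECORE_CON_USE_TLS */` would record that this is a choice and not an oversight. Both function bodies continue past the end of their hunks, so the cleanup the macro jumps to (the old code called `SSL_CTX_free` when `SSL_new` failed) cannot be checked from here.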