$NetBSD: patch-ac,v 1.4 2020/01/12 23:01:38 joerg Exp $
* Include sys/filio.h for FIONBIO etc.
* Drop SSLv2 support
* Add TLSv1 support
--- lhs.c.orig 2001-02-27 17:37:10.000000000 +0000
+++ lhs.c
@@ -25,6 +25,9 @@
#include <openssl/err.h>
#endif
#include "lhs.h"
+#if defined (__sun)
+#include <sys/filio.h>
+#endif
#define debug(x...) { if (verbose) printf(x); }
@@ -467,12 +470,10 @@ int init_ssl()
SSL_load_error_strings();
SSLeay_add_ssl_algorithms();
- if (ssl_protocol == SSL2_VERSION)
- ctx = SSL_CTX_new(SSLv2_method());
- else {
- ctx = SSL_CTX_new(SSLv23_method());
- SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);
- }
+ ctx = SSL_CTX_new(SSLv23_method());
+ SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);
+ if (ssl_protocol == TLS1_VERSION)
+ SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3);
if (!ctx) {
fprintf(stderr, "SSL_CTX_new failed.\n");
return 0;
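Review bot: Both `SSL_CTX_set_options` calls on the new side run before the `if (!ctx)` check, so a failed `SSL_CTX_new` hands a NULL context to them before the error path is reached; the check should sit directly under the `SSL_CTX_new` line. Separately, SSLv3 is switched off only when `ssl_protocol == TLS1_VERSION`, so every other setting still lets a client negotiate SSLv3. Setting `SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);` unconditionally, with SSLv3 as an explicit opt-in, would be the safer default. init_ssl starts and ends outside this hunk, so how `ssl_protocol` is initialised is not visible here.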
@@ -511,13 +512,13 @@ SSL *init_ssl_socket(int sock)
return NULL;
}
// SSL_set_session_id_context(ssl,AppContext,sizeof(AppContext));
- switch(ssl->session->ssl_version) {
- case SSL2_VERSION:
- debug("ssl2\n");
- break;
+ switch(SSL_SESSION_get_protocol_version(SSL_get_session(ssl))) {
case SSL3_VERSION:
debug("ssl3\n");
break;
+ case TLS1_VERSION:
+ debug("tls3\n");
+ break;
default:
debug("nieznany standard szyfrowania\n");
}
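Review bot: The new `case TLS1_VERSION:` branch logs `debug("tls3\n")`, which names a protocol other than the one it matched; it should read `debug("tls1\n");`. Because the context is created with `SSLv23_method()`, a session negotiated at TLS 1.1 or later can fall through to `default:` and be logged as an unknown standard. Adding cases for `TLS1_1_VERSION` and `TLS1_2_VERSION` would keep the debug output usable for confirming which protocol a client actually got. init_ssl_socket begins before this hunk, so whether the handshake has completed before `SSL_get_session(ssl)` is called cannot be confirmed from here.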
@@ -592,7 +593,7 @@ void usage(char *a0)
" -s version set SSL protocol version (default: SSLv2)\n"
" -c filename load certificate file (default: lhs.pem)\n"
#endif
-" -r path set server's root directory (default: /home/httpd/html)\n"
+" -r path set server's root directory (default: " DEFAULT_ROOT_DIR ")\n"
" -u user switch to other user after startup\n"
" -g group change gid to other than user's\n"
" -m socks set number of sockets (default: 50, min: 3)\n"
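Review bot: The `-s` help line kept as context just above the changed `-r` line still advertises `(default: SSLv2)`, although this patch removes SSLv2 from both option parsing and context setup, so the usage text names a protocol the server no longer offers. It should state the value `ssl_protocol` actually defaults to after this change (its initialiser is outside the hunks shown) and list the accepted arguments, `ssl3` and `tls1`. The concatenation with `DEFAULT_ROOT_DIR` assumes that macro expands to a string literal; its definition is not visible here.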
@@ -633,8 +634,8 @@ int main(int argc, char **argv)
cert_file = optarg;
break;
case 's':
- if (!strcasecmp(optarg, "ssl2") || !strcasecmp(optarg, "sslv2"))
- ssl_protocol = SSL2_VERSION;
+ if (!strcasecmp(optarg, "tls1") || !strcasecmp(optarg, "tls1"))
+ ssl_protocol = TLS1_VERSION;
else if (!strcasecmp(optarg, "ssl3") || !strcasecmp(optarg, "sslv3"))
ssl_protocol = SSL3_VERSION;
else {
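Review bot: The added condition compares `optarg` with `"tls1"` twice, so the second `strcasecmp` is dead and the `tlsv1` spelling that would parallel `ssl3`/`sslv3` is rejected. The line should read `if (!strcasecmp(optarg, "tls1") || !strcasecmp(optarg, "tlsv1"))`. A user who passes `-s tlsv1` currently lands in the trailing `else` branch, whose body lies past the end of this hunk, rather than getting the stricter protocol setting.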