Diffstat (limited to 'lib/libssl')
-rw-r--r--lib/libssl/s23_clnt.c66
-rw-r--r--lib/libssl/s23_srvr.c65
-rw-r--r--lib/libssl/ssl.h5
-rw-r--r--lib/libssl/ssl_locl.h4
4 files changed, 136 insertions, 4 deletions
diff --git a/lib/libssl/s23_clnt.c b/lib/libssl/s23_clnt.c
index 30d97683a7e..00954777fcd 100644
--- a/lib/libssl/s23_clnt.c
+++ b/lib/libssl/s23_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s23_clnt.c,v 1.38 2015/03/31 13:17:48 jsing Exp $ */
+/* $OpenBSD: s23_clnt.c,v 1.39 2015/07/19 06:31:32 doug Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -120,6 +120,7 @@
static const SSL_METHOD *ssl23_get_client_method(int ver);
static int ssl23_client_hello(SSL *s);
static int ssl23_get_server_hello(SSL *s);
+static const SSL_METHOD *tls_get_client_method(int ver);
const SSL_METHOD SSLv23_client_method_data = {
.version = TLS1_2_VERSION,
@@ -153,6 +154,39 @@ const SSL_METHOD SSLv23_client_method_data = {
.ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,
};
+const SSL_METHOD TLS_client_method_data = {
+ .version = TLS1_2_VERSION,
+ .ssl_new = tls1_new,
+ .ssl_clear = tls1_clear,
+ .ssl_free = tls1_free,
+ .ssl_accept = ssl_undefined_function,
+ .ssl_connect = tls_connect,
+ .ssl_read = ssl23_read,
+ .ssl_peek = ssl23_peek,
+ .ssl_write = ssl23_write,
+ .ssl_shutdown = ssl_undefined_function,
+ .ssl_renegotiate = ssl_undefined_function,
+ .ssl_renegotiate_check = ssl_ok,
+ .ssl_get_message = ssl3_get_message,
+ .ssl_read_bytes = ssl3_read_bytes,
+ .ssl_write_bytes = ssl3_write_bytes,
+ .ssl_dispatch_alert = ssl3_dispatch_alert,
+ .ssl_ctrl = ssl3_ctrl,
+ .ssl_ctx_ctrl = ssl3_ctx_ctrl,
+ .get_cipher_by_char = ssl3_get_cipher_by_char,
+ .put_cipher_by_char = ssl3_put_cipher_by_char,
+ .ssl_pending = ssl_undefined_const_function,
+ .num_ciphers = ssl3_num_ciphers,
+ .get_cipher = ssl3_get_cipher,
+ .get_ssl_method = tls_get_client_method,
+ .get_timeout = ssl23_default_timeout,
+ .ssl3_enc = &ssl3_undef_enc_method,
+ .ssl_version = ssl_undefined_void_function,
+ .ssl_callback_ctrl = ssl3_callback_ctrl,
+ .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,
+};
+
+
const SSL_METHOD *
SSLv23_client_method(void)
{
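Review bot: Nothing in `TLS_client_method_data` itself excludes SSLv3: `.version` is still `TLS1_2_VERSION`, and the table appears to mirror the SSLv23 one with only `.ssl_connect` and `.get_ssl_method` pointing at new functions. The exclusion therefore depends entirely on `tls_connect` and `tls_get_client_method`, added in a later hunk, and a comment above the table should say so, for example `/* Version-flexible client method; SSLv3 is refused by tls_connect() and tls_get_client_method(). */`. The same applies to `TLS_server_method_data` in s23_srvr.c. The two consecutive blank lines added after the initializer can be reduced to one.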
@@ -544,3 +578,33 @@ ssl23_get_server_hello(SSL *s)
err:
return (-1);
}
+
+const SSL_METHOD *
+TLS_client_method(void)
+{
+ return &TLS_client_method_data;
+}
+
+static const SSL_METHOD *
+tls_get_client_method(int ver)
+{
+ if (ver == SSL3_VERSION)
+ return (NULL);
+ else
+ return ssl23_get_client_method(ver);
+}
+
+int
+tls_connect(SSL *s)
+{
+ int ret;
+ unsigned long old_options;
+
+ old_options = s->options;
+
+ s->options |= SSL_OP_NO_SSLv3;
+ ret = ssl23_connect(s);
+ s->options = old_options;
+
+ return ret;
+}
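Review bot: `s->options = old_options;` in `tls_connect` restores the whole option word, so any option bit changed while `ssl23_connect` runs (for instance by an application callback, if one is invoked on this path) is silently discarded. Only the bit this function set needs undoing: `if ((old_options & SSL_OP_NO_SSLv3) == 0) s->options &= ~SSL_OP_NO_SSLv3;`. A short comment should also explain why the bit is set only for the duration of the call, because after return `s->options` no longer shows that SSLv3 is refused and anything that later inspects the options sees the caller's original value. `tls_accept` in s23_srvr.c uses the same save/restore pattern and needs the same change.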
diff --git a/lib/libssl/s23_srvr.c b/lib/libssl/s23_srvr.c
index 99bfaf07e4b..f1914e0e8e1 100644
--- a/lib/libssl/s23_srvr.c
+++ b/lib/libssl/s23_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s23_srvr.c,v 1.39 2015/03/27 12:29:54 jsing Exp $ */
+/* $OpenBSD: s23_srvr.c,v 1.40 2015/07/19 06:31:32 doug Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -119,6 +119,7 @@
static const SSL_METHOD *ssl23_get_server_method(int ver);
int ssl23_get_client_hello(SSL *s);
+static const SSL_METHOD *tls_get_server_method(int ver);
const SSL_METHOD SSLv23_server_method_data = {
.version = TLS1_2_VERSION,
@@ -152,6 +153,38 @@ const SSL_METHOD SSLv23_server_method_data = {
.ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,
};
+const SSL_METHOD TLS_server_method_data = {
+ .version = TLS1_2_VERSION,
+ .ssl_new = tls1_new,
+ .ssl_clear = tls1_clear,
+ .ssl_free = tls1_free,
+ .ssl_accept = tls_accept,
+ .ssl_connect = ssl_undefined_function,
+ .ssl_read = ssl23_read,
+ .ssl_peek = ssl23_peek,
+ .ssl_write = ssl23_write,
+ .ssl_shutdown = ssl_undefined_function,
+ .ssl_renegotiate = ssl_undefined_function,
+ .ssl_renegotiate_check = ssl_ok,
+ .ssl_get_message = ssl3_get_message,
+ .ssl_read_bytes = ssl3_read_bytes,
+ .ssl_write_bytes = ssl3_write_bytes,
+ .ssl_dispatch_alert = ssl3_dispatch_alert,
+ .ssl_ctrl = ssl3_ctrl,
+ .ssl_ctx_ctrl = ssl3_ctx_ctrl,
+ .get_cipher_by_char = ssl3_get_cipher_by_char,
+ .put_cipher_by_char = ssl3_put_cipher_by_char,
+ .ssl_pending = ssl_undefined_const_function,
+ .num_ciphers = ssl3_num_ciphers,
+ .get_cipher = ssl3_get_cipher,
+ .get_ssl_method = tls_get_server_method,
+ .get_timeout = ssl23_default_timeout,
+ .ssl3_enc = &ssl3_undef_enc_method,
+ .ssl_version = ssl_undefined_void_function,
+ .ssl_callback_ctrl = ssl3_callback_ctrl,
+ .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,
+};
+
const SSL_METHOD *
SSLv23_server_method(void)
{
@@ -570,3 +603,33 @@ ssl23_get_client_hello(SSL *s)
return (SSL_accept(s));
}
+
+const SSL_METHOD *
+TLS_server_method(void)
+{
+ return &TLS_server_method_data;
+}
+
+static const SSL_METHOD *
+tls_get_server_method(int ver)
+{
+ if (ver == SSL3_VERSION)
+ return (NULL);
+ else
+ return ssl23_get_server_method(ver);
+}
+
+int
+tls_accept(SSL *s)
+{
+ int ret;
+ unsigned long old_options;
+
+ old_options = s->options;
+
+ s->options |= SSL_OP_NO_SSLv3;
+ ret = ssl23_accept(s);
+ s->options = old_options;
+
+ return ret;
+}
diff --git a/lib/libssl/ssl.h b/lib/libssl/ssl.h
index 0a0a711a201..0cd220778b9 100644
--- a/lib/libssl/ssl.h
+++ b/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.91 2015/07/18 19:41:54 doug Exp $ */
+/* $OpenBSD: ssl.h,v 1.92 2015/07/19 06:31:32 doug Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -1696,6 +1696,9 @@ const SSL_METHOD *TLSv1_2_method(void); /* TLSv1.2 */
const SSL_METHOD *TLSv1_2_server_method(void); /* TLSv1.2 */
const SSL_METHOD *TLSv1_2_client_method(void); /* TLSv1.2 */
+const SSL_METHOD *TLS_method(void); /* TLS v1.0 or later */
+const SSL_METHOD *TLS_server_method(void); /* TLS v1.0 or later */
+const SSL_METHOD *TLS_client_method(void); /* TLS v1.0 or later */
const SSL_METHOD *DTLSv1_method(void); /* DTLSv1.0 */
const SSL_METHOD *DTLSv1_server_method(void); /* DTLSv1.0 */
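Review bot: `TLS_method()` is declared here, but the file sections shown define only `TLS_client_method()` and `TLS_server_method()`; no definition of `TLS_method` appears in s23_clnt.c or s23_srvr.c. The diffstat is limited to lib/libssl, so the definition may sit outside the shown path, but if it does not exist any caller of the new prototype fails at link time. Either add the definition in the same commit or hold back the `TLS_method` prototype until it exists. The comment `/* TLS v1.0 or later */` could also state that SSLv3 is never negotiated, which is the visible difference from the `SSLv23_*` methods.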
diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h
index ba8fc799645..1c78770dfa5 100644
--- a/lib/libssl/ssl_locl.h
+++ b/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.97 2015/07/18 23:00:23 doug Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.98 2015/07/19 06:31:32 doug Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -757,6 +757,8 @@ int ssl23_accept(SSL *s);
int ssl23_connect(SSL *s);
int ssl23_read_bytes(SSL *s, int n);
int ssl23_write_bytes(SSL *s);
+int tls_accept(SSL *s);
+int tls_connect(SSL *s);
int tls1_new(SSL *s);
void tls1_free(SSL *s);