From 091274a0d135e6269238bde2354fadbf592f24cb Mon Sep 17 00:00:00 2001
From: Joel Sing
Date: Tue, 7 Mar 2017 12:58:03 +0000
Subject: Provide support for libtls protocols and allow for protocols to be set on a TLS config.
The ConnVersion function now also returns a protocol version instead of a string.
---
 regress/lib/libtls/gotls/tls.go | 50 ++++++++++++++++++++++++++++++++++++++---
 1 file changed, 47 insertions(+), 3 deletions(-)
(limited to 'regress')
diff --git a/regress/lib/libtls/gotls/tls.go b/regress/lib/libtls/gotls/tls.go
index c6aab7789fc..0480888093d 100644
--- a/regress/lib/libtls/gotls/tls.go
+++ b/regress/lib/libtls/gotls/tls.go
@@ -23,6 +23,42 @@ var (
 errWantPollOut = errors.New("want poll out")
 )
 
+// ProtocolVersion represents a TLS protocol version.
+type ProtocolVersion uint32
+
+// String returns the string representation of a protocol version.
+func (pv ProtocolVersion) String() string {
+ name, ok := protocolNames[pv]
+ if !ok {
+ return "unknown protocol version"
+ }
+ return name
+}
+
+const (
+ ProtocolTLSv10 ProtocolVersion = C.TLS_PROTOCOL_TLSv1_0
+ ProtocolTLSv11 ProtocolVersion = C.TLS_PROTOCOL_TLSv1_1
+ ProtocolTLSv12 ProtocolVersion = C.TLS_PROTOCOL_TLSv1_2
+ ProtocolsAll ProtocolVersion = C.TLS_PROTOCOLS_ALL
+)
+
+var protocolNames = map[ProtocolVersion]string{
+ ProtocolTLSv10: "TLSv1.0",
+ ProtocolTLSv11: "TLSv1.1",
+ ProtocolTLSv12: "TLSv1.2",
+ ProtocolsAll: "all",
+}
+
+// ProtocolVersionFromString returns the protocol version with the given name.
+func ProtocolVersionFromString(version string) (ProtocolVersion, error) {
+ for proto, name := range protocolNames {
+ if version == name {
+ return proto, nil
+ }
+ }
+ return 0, errors.New("unknown protocol version")
+}
+
 // TLSConfig provides configuration options for a TLS context.
 type TLSConfig struct {
 tlsCfg *C.struct_tls_config
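Review bot: ProtocolVersion serves both as a single negotiated version (what ConnVersion returns) and as the bitmask SetProtocols forwards to tls_config_set_protocols, and ProtocolsAll is a mask rather than a version, so String() on a combined value such as `ProtocolTLSv11 | ProtocolTLSv12` yields "unknown protocol version" and ProtocolVersionFromString can never produce such a value; the type comment should state which uses the name table covers. Suggested wording: `// ProtocolVersion is a TLS protocol version; values may be OR'ed into a bitmask when selecting protocols, but String and ProtocolVersionFromString recognise only the individual versions and ProtocolsAll.` The error returned by ProtocolVersionFromString also drops the name it rejected, which makes a lookup failure surfaced through ConnVersion hard to diagnose; `return 0, errors.New("unknown protocol version: " + version)` keeps that information without a new import. The same bitmask concern applies to SetProtocols in the second hunk.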
@@ -71,6 +107,14 @@ func (c *TLSConfig) SetCAFile(filename string) error {
 return nil
 }
 
+// SetProtocols sets the protocol versions enabled for the connection.
+func (c *TLSConfig) SetProtocols(proto ProtocolVersion) error {
+ if C.tls_config_set_protocols(c.tlsCfg, C.uint32_t(proto)) != 0 {
+ return c.Error()
+ }
+ return nil
+}
+
 // InsecureNoVerifyCert disables certificate verification for the connection.
 func (c *TLSConfig) InsecureNoVerifyCert() {
 C.tls_config_insecure_noverifycert(c.tlsCfg)
@@ -184,12 +228,12 @@ func (t *TLS) PeerCertNotAfter() (time.Time, error) {
 }
 
 // ConnVersion returns the protocol version of the connection.
-func (t *TLS) ConnVersion() (string, error) {
+func (t *TLS) ConnVersion() (ProtocolVersion, error) {
 ver := C.tls_conn_version(t.ctx)
 if ver == nil {
- return "", errors.New("no connection version")
+ return 0, errors.New("no connection version")
 }
- return C.GoString(ver), nil
+ return ProtocolVersionFromString(C.GoString(ver))
 }
 
 // ConnCipher returns the cipher suite used for the connection.
-- 
cgit v1.2.3
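Review bot: SetProtocols forwards `proto` unchanged as the uint32 mask that tls_config_set_protocols expects, but its comment does not say the argument is a bitmask or that the ProtocolTLSv* constants can be OR'ed together, so a reader of the ProtocolVersion type may assume a single named constant is the only valid input. Suggested comment: `// SetProtocols sets the protocol versions enabled for the connection; proto is a bitmask of ProtocolTLSv* values (or ProtocolsAll), and selecting only older versions such as ProtocolTLSv10 lowers the minimum version the harness will negotiate.` A zero mask is also passed straight through; whether libtls rejects it or merely leaves no protocol enabled is not visible here, so a guard `if proto == 0 { return errors.New("no protocols selected") }` ahead of the C call would make that case explicit rather than relying on a later handshake failure.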
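Review bot: ConnVersion now fails for any version name absent from protocolNames, and because ProtocolVersionFromString's error omits the rejected string, the caller cannot see what libtls actually reported. If tls_conn_version spells TLS 1.0 as `TLSv1` (the SSL_get_version spelling) rather than the table's `TLSv1.0`, a TLS 1.0 connection would surface as "unknown protocol version" instead of ProtocolTLSv10 — worth confirming against libtls and adding the alias to the table if so. Either way the failure should carry the name, for example by binding the string first and wrapping: `name := C.GoString(ver)` / `pv, err := ProtocolVersionFromString(name)` / `if err != nil { return 0, errors.New("connection version " + name + ": " + err.Error()) }`.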