From 6cf92dffe34ece3e8b22d00efe9d88f87efb676e Mon Sep 17 00:00:00 2001 From: Glenn Strauss Date: Thu, 17 Dec 2020 19:49:42 -0500 Subject: [PATCH] [mod_wolfssl] use wolfSSL TLS version defines now that mod_wolfssl is a standalone module, use wolfSSL TLS ver defines (Increase compatibility of mod_wolfssl with wolfSSL versions prior to wolfSSL v4.2.0) --- src/mod_wolfssl.c | 44 +++++++++----------------------------------- 1 file changed, 9 insertions(+), 35 deletions(-) diff --git a/src/mod_wolfssl.c b/src/mod_wolfssl.c index 84d1ad38..c3652639 100644 --- a/src/mod_wolfssl.c +++ b/src/mod_wolfssl.c @@ -1052,7 +1052,6 @@ ssl_info_callback (const SSL *ssl, int where, int ret) handler_ctx *hctx = (handler_ctx *) SSL_get_app_data(ssl); if (hctx->renegotiations >= 0) ++hctx->renegotiations; } - #ifdef TLS1_3_VERSION /* https://github.com/openssl/openssl/issues/5721 * "TLSv1.3 unexpected InfoCallback after handshake completed" */ if (0 != (where & SSL_CB_HANDSHAKE_DONE)) { @@ -1066,7 +1065,6 @@ ssl_info_callback (const SSL *ssl, int where, int ret) hctx->renegotiations = -1; } } - #endif } /* https://wiki.openssl.org/index.php/Manual:SSL_CTX_set_verify(3)#EXAMPLES */ @@ -3250,32 +3248,21 @@ static int mod_openssl_ssl_conf_proto_val (server *srv, plugin_config_socket *s, const buffer *b, int max) { if (NULL == b) /* default: min TLSv1.2, max TLSv1.3 */ - #ifdef TLS1_3_VERSION - return max ? TLS1_3_VERSION : TLS1_2_VERSION; - #else - return TLS1_2_VERSION; - #endif + return max ? WOLFSSL_TLSV1_3 : WOLFSSL_TLSV1_2; else if (buffer_eq_icase_slen(b, CONST_STR_LEN("None"))) /*"disable" limit*/ return max - ? - #ifdef TLS1_3_VERSION - TLS1_3_VERSION - #else - TLS1_2_VERSION - #endif - : (s->ssl_use_sslv3 ? SSL3_VERSION : TLS1_VERSION); + ? WOLFSSL_TLSV1_3 + : (s->ssl_use_sslv3 ? WOLFSSL_SSLV3 : WOLFSSL_TLSV1); else if (buffer_eq_icase_slen(b, CONST_STR_LEN("SSLv3"))) - return SSL3_VERSION; + return WOLFSSL_SSLV3; else if (buffer_eq_icase_slen(b, CONST_STR_LEN("TLSv1.0"))) - return TLS1_VERSION; + return WOLFSSL_TLSV1; else if (buffer_eq_icase_slen(b, CONST_STR_LEN("TLSv1.1"))) - return TLS1_1_VERSION; + return WOLFSSL_TLSV1_1; else if (buffer_eq_icase_slen(b, CONST_STR_LEN("TLSv1.2"))) - return TLS1_2_VERSION; - #ifdef TLS1_3_VERSION + return WOLFSSL_TLSV1_2; else if (buffer_eq_icase_slen(b, CONST_STR_LEN("TLSv1.3"))) - return TLS1_3_VERSION; - #endif + return WOLFSSL_TLSV1_3; else { if (buffer_eq_icase_slen(b, CONST_STR_LEN("DTLSv1")) || buffer_eq_icase_slen(b, CONST_STR_LEN("DTLSv1.2"))) @@ -3287,11 +3274,7 @@ mod_openssl_ssl_conf_proto_val (server *srv, plugin_config_socket *s, const buff "SSL: ssl.openssl.ssl-conf-cmd %s %s invalid; ignored", max ? "MaxProtocol" : "MinProtocol", b->ptr); } - #ifdef TLS1_3_VERSION - return max ? TLS1_3_VERSION : TLS1_2_VERSION; - #else - return TLS1_2_VERSION; - #endif + return max ? WOLFSSL_TLSV1_3 : WOLFSSL_TLSV1_2; } @@ -3398,15 +3381,6 @@ mod_openssl_ssl_conf_cmd (server *srv, plugin_config_socket *s) if (minb) { int n = mod_openssl_ssl_conf_proto_val(srv, s, minb, 0); - /*(wolfSSL_CTX_SetMinVersion() alt uses enums with different values)*/ - switch (n) { - case SSL3_VERSION: n = WOLFSSL_SSLV3; break; - case TLS1_VERSION: n = WOLFSSL_TLSV1; break; - case TLS1_1_VERSION: n = WOLFSSL_TLSV1_1; break; - case TLS1_2_VERSION: n = WOLFSSL_TLSV1_2; break; - case TLS1_3_VERSION: n = WOLFSSL_TLSV1_3; break; - default: rc = -1; break; - } if (wolfSSL_CTX_SetMinVersion(s->ssl_ctx, n) != WOLFSSL_SUCCESS) rc = -1; }