Provide support for libtls protocols and allow for protocols to be set on

a TLS config. The ConnVersion function now also returns a protocol version instead of a string.
author: jsing <> 2017-03-07 12:58:02 +0000
committer: jsing <> 2017-03-07 12:58:02 +0000
commit: cc84ab676c85bc3063edd416a18c745549662c15 (patch)
tree: d6d11e16661787e2530749c1c8b79805718d180c
parent: 65981caf151f1a193fa20339f56174976bfbb6ad (diff)
download: openbsd-cc84ab676c85bc3063edd416a18c745549662c15.tar.gz
openbsd-cc84ab676c85bc3063edd416a18c745549662c15.tar.bz2
openbsd-cc84ab676c85bc3063edd416a18c745549662c15.zip
1 files changed, 47 insertions, 3 deletions
diff --git a/src/regress/lib/libtls/gotls/tls.go b/src/regress/lib/libtls/gotls/tls.go
index c6aab7789f..0480888093 100644
--- a/src/regress/lib/libtls/gotls/tls.go
+++ b/src/regress/lib/libtls/gotls/tls.go
@@ -23,6 +23,42 @@ var (
        errWantPollOut = errors.New("want poll out")
 )
+// ProtocolVersion represents a TLS protocol version.
+type ProtocolVersion uint32
+// String returns the string representation of a protocol version.
+func (pv ProtocolVersion) String() string {
+        name, ok := protocolNames[pv]
+        if !ok {
+                return "unknown protocol version"
+        }
+        return name
+}
+const (
+        ProtocolTLSv10 ProtocolVersion = C.TLS_PROTOCOL_TLSv1_0
+        ProtocolTLSv11 ProtocolVersion = C.TLS_PROTOCOL_TLSv1_1
+        ProtocolTLSv12 ProtocolVersion = C.TLS_PROTOCOL_TLSv1_2
+        ProtocolsAll   ProtocolVersion = C.TLS_PROTOCOLS_ALL
+)
+var protocolNames = map[ProtocolVersion]string{
+        ProtocolTLSv10: "TLSv1.0",
+        ProtocolTLSv11: "TLSv1.1",
+        ProtocolTLSv12: "TLSv1.2",
+        ProtocolsAll:   "all",
+}
+// ProtocolVersionFromString returns the protocol version with the given name.
+func ProtocolVersionFromString(version string) (ProtocolVersion, error) {
+        for proto, name := range protocolNames {
+                if version == name {
+                        return proto, nil
+                }
+        }
+        return 0, errors.New("unknown protocol version")
+}
 // TLSConfig provides configuration options for a TLS context.
 type TLSConfig struct {
        tlsCfg *C.struct_tls_config
@@ -71,6 +107,14 @@ func (c *TLSConfig) SetCAFile(filename string) error {
        return nil
 }
+// SetProtocols sets the protocol versions enabled for the connection.
+func (c *TLSConfig) SetProtocols(proto ProtocolVersion) error {
+        if C.tls_config_set_protocols(c.tlsCfg, C.uint32_t(proto)) != 0 {
+                return c.Error()
+        }
+        return nil
+}
 // InsecureNoVerifyCert disables certificate verification for the connection.
 func (c *TLSConfig) InsecureNoVerifyCert() {
        C.tls_config_insecure_noverifycert(c.tlsCfg)
@@ -184,12 +228,12 @@ func (t *TLS) PeerCertNotAfter() (time.Time, error) {
 }
 // ConnVersion returns the protocol version of the connection.
-func (t *TLS) ConnVersion() (string, error) {
+func (t *TLS) ConnVersion() (ProtocolVersion, error) {
        ver := C.tls_conn_version(t.ctx)
        if ver == nil {
-                return "", errors.New("no connection version")
+                return 0, errors.New("no connection version")
        }
-        return C.GoString(ver), nil
+        return ProtocolVersionFromString(C.GoString(ver))
 }
 // ConnCipher returns the cipher suite used for the connection.
author	jsing <>	2017-03-07 12:58:02 +0000
committer	jsing <>	2017-03-07 12:58:02 +0000
commit	cc84ab676c85bc3063edd416a18c745549662c15 (patch)
tree	d6d11e16661787e2530749c1c8b79805718d180c
parent	65981caf151f1a193fa20339f56174976bfbb6ad (diff)
download	openbsd-cc84ab676c85bc3063edd416a18c745549662c15.tar.gz openbsd-cc84ab676c85bc3063edd416a18c745549662c15.tar.bz2 openbsd-cc84ab676c85bc3063edd416a18c745549662c15.zip

diff --git a/src/regress/lib/libtls/gotls/tls.go b/src/regress/lib/libtls/gotls/tls.go index c6aab7789f..0480888093 100644 --- a/src/regress/lib/libtls/gotls/tls.go +++ b/src/regress/lib/libtls/gotls/tls.go
@@ -23,6 +23,42 @@ var (
23	errWantPollOut = errors.New("want poll out")	23	errWantPollOut = errors.New("want poll out")
24	)	24	)
25		25
		26	// ProtocolVersion represents a TLS protocol version.
		27	type ProtocolVersion uint32
		28
		29	// String returns the string representation of a protocol version.
		30	func (pv ProtocolVersion) String() string {
		31	name, ok := protocolNames[pv]
		32	if !ok {
		33	return "unknown protocol version"
		34	}
		35	return name
		36	}
		37
		38	const (
		39	ProtocolTLSv10 ProtocolVersion = C.TLS_PROTOCOL_TLSv1_0
		40	ProtocolTLSv11 ProtocolVersion = C.TLS_PROTOCOL_TLSv1_1
		41	ProtocolTLSv12 ProtocolVersion = C.TLS_PROTOCOL_TLSv1_2
		42	ProtocolsAll ProtocolVersion = C.TLS_PROTOCOLS_ALL
		43	)
		44
		45	var protocolNames = map[ProtocolVersion]string{
		46	ProtocolTLSv10: "TLSv1.0",
		47	ProtocolTLSv11: "TLSv1.1",
		48	ProtocolTLSv12: "TLSv1.2",
		49	ProtocolsAll: "all",
		50	}
		51
		52	// ProtocolVersionFromString returns the protocol version with the given name.
		53	func ProtocolVersionFromString(version string) (ProtocolVersion, error) {
		54	for proto, name := range protocolNames {
		55	if version == name {
		56	return proto, nil
		57	}
		58	}
		59	return 0, errors.New("unknown protocol version")
		60	}
		61
26	// TLSConfig provides configuration options for a TLS context.	62	// TLSConfig provides configuration options for a TLS context.
27	type TLSConfig struct {	63	type TLSConfig struct {
28	tlsCfg *C.struct_tls_config	64	tlsCfg *C.struct_tls_config
@@ -71,6 +107,14 @@ func (c *TLSConfig) SetCAFile(filename string) error {
71	return nil	107	return nil
72	}	108	}
73		109
		110	// SetProtocols sets the protocol versions enabled for the connection.
		111	func (c *TLSConfig) SetProtocols(proto ProtocolVersion) error {
		112	if C.tls_config_set_protocols(c.tlsCfg, C.uint32_t(proto)) != 0 {
		113	return c.Error()
		114	}
		115	return nil
		116	}
		117
74	// InsecureNoVerifyCert disables certificate verification for the connection.	118	// InsecureNoVerifyCert disables certificate verification for the connection.
75	func (c *TLSConfig) InsecureNoVerifyCert() {	119	func (c *TLSConfig) InsecureNoVerifyCert() {
76	C.tls_config_insecure_noverifycert(c.tlsCfg)	120	C.tls_config_insecure_noverifycert(c.tlsCfg)
@@ -184,12 +228,12 @@ func (t *TLS) PeerCertNotAfter() (time.Time, error) {
184	}	228	}
185		229
186	// ConnVersion returns the protocol version of the connection.	230	// ConnVersion returns the protocol version of the connection.
187	func (t *TLS) ConnVersion() (string, error) {	231	func (t *TLS) ConnVersion() (ProtocolVersion, error) {
188	ver := C.tls_conn_version(t.ctx)	232	ver := C.tls_conn_version(t.ctx)
189	if ver == nil {	233	if ver == nil {
190	return "", errors.New("no connection version")	234	return 0, errors.New("no connection version")
191	}	235	}
192	return C.GoString(ver), nil	236	return ProtocolVersionFromString(C.GoString(ver))
193	}	237	}
194		238
195	// ConnCipher returns the cipher suite used for the connection.	239	// ConnCipher returns the cipher suite used for the connection.