| author | jsing <> | 2017-01-23 14:35:42 +0000 |
|---|---|---|
| committer | jsing <> | 2017-01-23 14:35:42 +0000 |
| commit | fa9356a54359643aa5b7a6217b6f158080b19d7d (patch) | |
| tree | 27eab6f3272b4b46f77e786896eae8e697800969 /src/lib/libssl/ssl_lib.c | |
| parent | 4ae6fa4e9b3c20e6347b1b4ad62b1051ed5d7630 (diff) | |
Move options and mode from SSL_CTX and SSL to internal, since these can be
set and cleared via existing functions.
Diffstat (limited to 'src/lib/libssl/ssl_lib.c')
| -rw-r--r-- | src/lib/libssl/ssl_lib.c | 46 |
1 files changed, 23 insertions, 23 deletions
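diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index edcbe9d20a..20b671022d 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.139 2017/01/23 13:36:13 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.140 2017/01/23 14:35:42 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -284,8 +284,8 @@ SSL_new(SSL_CTX *ctx)
 return (NULL);
 }
 
-s->options = ctx->options;
-s->mode = ctx->mode;
+s->internal->options = ctx->internal->options;
+s->internal->mode = ctx->internal->mode;
 s->internal->max_cert_list = ctx->internal->max_cert_list;
 
 if (ctx->internal->cert != NULL) {
@@ -1059,13 +1059,13 @@ SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
 return (1);
 
 case SSL_CTRL_OPTIONS:
-return (s->options|=larg);
+return (s->internal->options|=larg);
 case SSL_CTRL_CLEAR_OPTIONS:
-return (s->options&=~larg);
+return (s->internal->options&=~larg);
 case SSL_CTRL_MODE:
-return (s->mode|=larg);
+return (s->internal->mode|=larg);
 case SSL_CTRL_CLEAR_MODE:
-return (s->mode &=~larg);
+return (s->internal->mode &=~larg);
 case SSL_CTRL_GET_MAX_CERT_LIST:
 return (s->internal->max_cert_list);
 case SSL_CTRL_SET_MAX_CERT_LIST:
@@ -1181,13 +1181,13 @@ SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
 case SSL_CTRL_SESS_CACHE_FULL:
 return (ctx->internal->stats.sess_cache_full);
 case SSL_CTRL_OPTIONS:
-return (ctx->options|=larg);
+return (ctx->internal->options|=larg);
 case SSL_CTRL_CLEAR_OPTIONS:
-return (ctx->options&=~larg);
+return (ctx->internal->options&=~larg);
 case SSL_CTRL_MODE:
-return (ctx->mode|=larg);
+return (ctx->internal->mode|=larg);
 case SSL_CTRL_CLEAR_MODE:
-return (ctx->mode&=~larg);
+return (ctx->internal->mode&=~larg);
 case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
 if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
 return (0);
@@ -1941,7 +1941,7 @@ SSL_CTX_new(const SSL_METHOD *meth)
 * Default is to connect to non-RI servers. When RI is more widely
 * deployed might change this.
 */
-ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
+ret->internal->options |= SSL_OP_LEGACY_SERVER_CONNECT;
 
 return (ret);
 err:
@@ -2516,18 +2516,18 @@ ssl_enabled_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver)
 min_version = 0;
 max_version = TLS1_2_VERSION;
 
-if ((s->options & SSL_OP_NO_TLSv1) == 0)
+if ((s->internal->options & SSL_OP_NO_TLSv1) == 0)
 min_version = TLS1_VERSION;
-else if ((s->options & SSL_OP_NO_TLSv1_1) == 0)
+else if ((s->internal->options & SSL_OP_NO_TLSv1_1) == 0)
 min_version = TLS1_1_VERSION;
-else if ((s->options & SSL_OP_NO_TLSv1_2) == 0)
+else if ((s->internal->options & SSL_OP_NO_TLSv1_2) == 0)
 min_version = TLS1_2_VERSION;
 
-if ((s->options & SSL_OP_NO_TLSv1_2) && min_version < TLS1_2_VERSION)
+if ((s->internal->options & SSL_OP_NO_TLSv1_2) && min_version < TLS1_2_VERSION)
 max_version = TLS1_1_VERSION;
-if ((s->options & SSL_OP_NO_TLSv1_1) && min_version < TLS1_1_VERSION)
+if ((s->internal->options & SSL_OP_NO_TLSv1_1) && min_version < TLS1_1_VERSION)
 max_version = TLS1_VERSION;
-if ((s->options & SSL_OP_NO_TLSv1) && min_version < TLS1_VERSION)
+if ((s->internal->options & SSL_OP_NO_TLSv1) && min_version < TLS1_VERSION)
 max_version = 0;
 
 /* Everything has been disabled... */
@@ -2586,13 +2586,13 @@ ssl_max_server_version(SSL *s)
 if (SSL_IS_DTLS(s))
 return (DTLS1_VERSION);
 
-if ((s->options & SSL_OP_NO_TLSv1_2) == 0 &&
+if ((s->internal->options & SSL_OP_NO_TLSv1_2) == 0 &&
 max_version >= TLS1_2_VERSION)
 return (TLS1_2_VERSION);
-if ((s->options & SSL_OP_NO_TLSv1_1) == 0 &&
+if ((s->internal->options & SSL_OP_NO_TLSv1_1) == 0 &&
 max_version >= TLS1_1_VERSION)
 return (TLS1_1_VERSION);
-if ((s->options & SSL_OP_NO_TLSv1) == 0 &&
+if ((s->internal->options & SSL_OP_NO_TLSv1) == 0 &&
 max_version >= TLS1_VERSION)
 return (TLS1_VERSION);
 
@@ -2642,8 +2642,8 @@ SSL_dup(SSL *s)
 s->sid_ctx, s->sid_ctx_length);
 }
 
-ret->options = s->options;
-ret->mode = s->mode;
+ret->internal->options = s->internal->options;
+ret->internal->mode = s->internal->mode;
 SSL_set_max_cert_list(ret, SSL_get_max_cert_list(s));
 SSL_set_read_ahead(ret, SSL_get_read_ahead(s));
 ret->internal->msg_callback = s->internal->msg_callback;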
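Review bot: In the ssl_enabled_version_range hunk, the `SSL_OP_NO_*` tests on `s->internal->options` keep only the lowest contiguous run of versions, and nothing in the visible lines documents that. With only `SSL_OP_NO_TLSv1_1` set, `min_version` becomes `TLS1_VERSION` and the second range check then sets `max_version` to `TLS1_VERSION`, so TLS 1.2 is dropped without any error. Since callers now reach the options word only through the ctrl calls, a comment ahead of the first `if` would help, for example `/* A gap in the enabled versions disables everything above it: SSL_OP_NO_TLSv1_1 alone yields TLS 1.0 only. */`. The function starts and ends outside the hunk, so an equivalent comment may already exist above it and later code may adjust the range further.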
