1 files changed, 64 insertions, 1 deletions
diff --git a/src/lib/libssl/s23_srvr.c b/src/lib/libssl/s23_srvr.c
index 99bfaf07e4..f1914e0e8e 100644
--- a/src/lib/libssl/s23_srvr.c
+++ b/src/lib/libssl/s23_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s23_srvr.c,v 1.39 2015/03/27 12:29:54 jsing Exp $ */
+/* $OpenBSD: s23_srvr.c,v 1.40 2015/07/19 06:31:32 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -119,6 +119,7 @@
 static const SSL_METHOD *ssl23_get_server_method(int ver);
 int ssl23_get_client_hello(SSL *s);
+static const SSL_METHOD *tls_get_server_method(int ver);
 const SSL_METHOD SSLv23_server_method_data = {
        .version = TLS1_2_VERSION,
@@ -152,6 +153,38 @@ const SSL_METHOD SSLv23_server_method_data = {
        .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,
 };
+const SSL_METHOD TLS_server_method_data = {
+        .version = TLS1_2_VERSION,
+        .ssl_new = tls1_new,
+        .ssl_clear = tls1_clear,
+        .ssl_free = tls1_free,
+        .ssl_accept = tls_accept,
+        .ssl_connect = ssl_undefined_function,
+        .ssl_read = ssl23_read,
+        .ssl_peek = ssl23_peek,
+        .ssl_write = ssl23_write,
+        .ssl_shutdown = ssl_undefined_function,
+        .ssl_renegotiate = ssl_undefined_function,
+        .ssl_renegotiate_check = ssl_ok,
+        .ssl_get_message = ssl3_get_message,
+        .ssl_read_bytes = ssl3_read_bytes,
+        .ssl_write_bytes = ssl3_write_bytes,
+        .ssl_dispatch_alert = ssl3_dispatch_alert,
+        .ssl_ctrl = ssl3_ctrl,
+        .ssl_ctx_ctrl = ssl3_ctx_ctrl,
+        .get_cipher_by_char = ssl3_get_cipher_by_char,
+        .put_cipher_by_char = ssl3_put_cipher_by_char,
+        .ssl_pending = ssl_undefined_const_function,
+        .num_ciphers = ssl3_num_ciphers,
+        .get_cipher = ssl3_get_cipher,
+        .get_ssl_method = tls_get_server_method,
+        .get_timeout = ssl23_default_timeout,
+        .ssl3_enc = &ssl3_undef_enc_method,
+        .ssl_version = ssl_undefined_void_function,
+        .ssl_callback_ctrl = ssl3_callback_ctrl,
+        .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,
+};
 const SSL_METHOD *
 SSLv23_server_method(void)
 {
@@ -570,3 +603,33 @@ ssl23_get_client_hello(SSL *s)
        return (SSL_accept(s));
 }
+const SSL_METHOD *
+TLS_server_method(void)
+{
+        return &TLS_server_method_data;
+}
+static const SSL_METHOD *
+tls_get_server_method(int ver)
+{
+        if (ver == SSL3_VERSION)
+                return (NULL);
+        else
+                return ssl23_get_server_method(ver);
+}
+int
+tls_accept(SSL *s)
+{
+        int ret;
+        unsigned long old_options;
+        old_options = s->options;
+        s->options |= SSL_OP_NO_SSLv3;
+        ret = ssl23_accept(s);
+        s->options = old_options;
+        return ret;
+}

diff --git a/src/lib/libssl/s23_srvr.c b/src/lib/libssl/s23_srvr.c index 99bfaf07e4..f1914e0e8e 100644 --- a/src/lib/libssl/s23_srvr.c +++ b/src/lib/libssl/s23_srvr.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s23_srvr.c,v 1.39 2015/03/27 12:29:54 jsing Exp $ */	1	/* $OpenBSD: s23_srvr.c,v 1.40 2015/07/19 06:31:32 doug Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -119,6 +119,7 @@
119		119
120	static const SSL_METHOD *ssl23_get_server_method(int ver);	120	static const SSL_METHOD *ssl23_get_server_method(int ver);
121	int ssl23_get_client_hello(SSL *s);	121	int ssl23_get_client_hello(SSL *s);
		122	static const SSL_METHOD *tls_get_server_method(int ver);
122		123
123	const SSL_METHOD SSLv23_server_method_data = {	124	const SSL_METHOD SSLv23_server_method_data = {
124	.version = TLS1_2_VERSION,	125	.version = TLS1_2_VERSION,
@@ -152,6 +153,38 @@ const SSL_METHOD SSLv23_server_method_data = {
152	.ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,	153	.ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,
153	};	154	};
154		155
		156	const SSL_METHOD TLS_server_method_data = {
		157	.version = TLS1_2_VERSION,
		158	.ssl_new = tls1_new,
		159	.ssl_clear = tls1_clear,
		160	.ssl_free = tls1_free,
		161	.ssl_accept = tls_accept,
		162	.ssl_connect = ssl_undefined_function,
		163	.ssl_read = ssl23_read,
		164	.ssl_peek = ssl23_peek,
		165	.ssl_write = ssl23_write,
		166	.ssl_shutdown = ssl_undefined_function,
		167	.ssl_renegotiate = ssl_undefined_function,
		168	.ssl_renegotiate_check = ssl_ok,
		169	.ssl_get_message = ssl3_get_message,
		170	.ssl_read_bytes = ssl3_read_bytes,
		171	.ssl_write_bytes = ssl3_write_bytes,
		172	.ssl_dispatch_alert = ssl3_dispatch_alert,
		173	.ssl_ctrl = ssl3_ctrl,
		174	.ssl_ctx_ctrl = ssl3_ctx_ctrl,
		175	.get_cipher_by_char = ssl3_get_cipher_by_char,
		176	.put_cipher_by_char = ssl3_put_cipher_by_char,
		177	.ssl_pending = ssl_undefined_const_function,
		178	.num_ciphers = ssl3_num_ciphers,
		179	.get_cipher = ssl3_get_cipher,
		180	.get_ssl_method = tls_get_server_method,
		181	.get_timeout = ssl23_default_timeout,
		182	.ssl3_enc = &ssl3_undef_enc_method,
		183	.ssl_version = ssl_undefined_void_function,
		184	.ssl_callback_ctrl = ssl3_callback_ctrl,
		185	.ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,
		186	};
		187
155	const SSL_METHOD *	188	const SSL_METHOD *
156	SSLv23_server_method(void)	189	SSLv23_server_method(void)
157	{	190	{
@@ -570,3 +603,33 @@ ssl23_get_client_hello(SSL *s)
570		603
571	return (SSL_accept(s));	604	return (SSL_accept(s));
572	}	605	}
		606
		607	const SSL_METHOD *
		608	TLS_server_method(void)
		609	{
		610	return &TLS_server_method_data;
		611	}
		612
		613	static const SSL_METHOD *
		614	tls_get_server_method(int ver)
		615	{
		616	if (ver == SSL3_VERSION)
		617	return (NULL);
		618	else
		619	return ssl23_get_server_method(ver);
		620	}
		621
		622	int
		623	tls_accept(SSL *s)
		624	{
		625	int ret;
		626	unsigned long old_options;
		627
		628	old_options = s->options;
		629
		630	s->options \|= SSL_OP_NO_SSLv3;
		631	ret = ssl23_accept(s);
		632	s->options = old_options;
		633
		634	return ret;
		635	}