1 files changed, 60 insertions, 1 deletions
diff --git a/src/lib/libtls/tls_config.c b/src/lib/libtls/tls_config.c
index 4342b5a565..bec7afcb1b 100644
--- a/src/lib/libtls/tls_config.c
+++ b/src/lib/libtls/tls_config.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_config.c,v 1.5 2015/02/12 04:31:27 jsing Exp $ */
+/* $OpenBSD: tls_config.c,v 1.6 2015/02/12 04:35:17 jsing Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
@@ -15,6 +15,7 @@
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
+#include <ctype.h>
 #include <errno.h>
 #include <stdlib.h>
@@ -109,6 +110,64 @@ tls_config_clear_keys(struct tls_config *config)
 }
 int
+tls_config_parse_protocols(uint32_t *protocols, const char *protostr)
+{
+        uint32_t proto, protos = 0;
+        char *s, *p, *q;
+        int negate;
+        if ((s = strdup(protostr)) == NULL)
+                return (-1);
+        q = s;
+        while ((p = strsep(&q, ",:")) != NULL) {
+                while (*p == ' ' || *p == '\t')
+                        p++;
+                negate = 0;
+                if (*p == '!') {
+                        negate = 1;
+                        p++;
+                }
+                if (negate && protos == 0)
+                        protos = TLS_PROTOCOLS_ALL;
+                proto = 0;
+                if (strcasecmp(p, "all") == 0 ||
+                    strcasecmp(p, "legacy") == 0)
+                        proto = TLS_PROTOCOLS_ALL;
+                else if (strcasecmp(p, "default") == 0 ||
+                    strcasecmp(p, "secure") == 0)
+                        proto = TLS_PROTOCOLS_DEFAULT;
+                if (strcasecmp(p, "tlsv1") == 0)
+                        proto = TLS_PROTOCOL_TLSv1;
+                else if (strcasecmp(p, "tlsv1.0") == 0)
+                        proto = TLS_PROTOCOL_TLSv1_0;
+                else if (strcasecmp(p, "tlsv1.1") == 0)
+                        proto = TLS_PROTOCOL_TLSv1_1;
+                else if (strcasecmp(p, "tlsv1.2") == 0)
+                        proto = TLS_PROTOCOL_TLSv1_2;
+                if (proto == 0) {
+                        free(s);
+                        return (-1);
+                }
+                if (negate)
+                        protos &= ~proto;
+                else
+                        protos |= proto;
+        }
+        *protocols = protos;
+        free(s);
+        return (0);
+}
+int
 tls_config_set_ca_file(struct tls_config *config, const char *ca_file)
 {
        return set_string(&config->ca_file, ca_file);

diff --git a/src/lib/libtls/tls_config.c b/src/lib/libtls/tls_config.c index 4342b5a565..bec7afcb1b 100644 --- a/src/lib/libtls/tls_config.c +++ b/src/lib/libtls/tls_config.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls_config.c,v 1.5 2015/02/12 04:31:27 jsing Exp $ */	1	/* $OpenBSD: tls_config.c,v 1.6 2015/02/12 04:35:17 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
4	*	4	*
@@ -15,6 +15,7 @@
15	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.	15	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16	*/	16	*/
17		17
		18	#include <ctype.h>
18	#include <errno.h>	19	#include <errno.h>
19	#include <stdlib.h>	20	#include <stdlib.h>
20		21
@@ -109,6 +110,64 @@ tls_config_clear_keys(struct tls_config *config)
109	}	110	}
110		111
111	int	112	int
		113	tls_config_parse_protocols(uint32_t protocols, const char protostr)
		114	{
		115	uint32_t proto, protos = 0;
		116	char s, p, *q;
		117	int negate;
		118
		119	if ((s = strdup(protostr)) == NULL)
		120	return (-1);
		121
		122	q = s;
		123	while ((p = strsep(&q, ",:")) != NULL) {
		124	while (p == ' ' \|\| p == '\t')
		125	p++;
		126
		127	negate = 0;
		128	if (*p == '!') {
		129	negate = 1;
		130	p++;
		131	}
		132
		133	if (negate && protos == 0)
		134	protos = TLS_PROTOCOLS_ALL;
		135
		136	proto = 0;
		137	if (strcasecmp(p, "all") == 0 \|\|
		138	strcasecmp(p, "legacy") == 0)
		139	proto = TLS_PROTOCOLS_ALL;
		140	else if (strcasecmp(p, "default") == 0 \|\|
		141	strcasecmp(p, "secure") == 0)
		142	proto = TLS_PROTOCOLS_DEFAULT;
		143	if (strcasecmp(p, "tlsv1") == 0)
		144	proto = TLS_PROTOCOL_TLSv1;
		145	else if (strcasecmp(p, "tlsv1.0") == 0)
		146	proto = TLS_PROTOCOL_TLSv1_0;
		147	else if (strcasecmp(p, "tlsv1.1") == 0)
		148	proto = TLS_PROTOCOL_TLSv1_1;
		149	else if (strcasecmp(p, "tlsv1.2") == 0)
		150	proto = TLS_PROTOCOL_TLSv1_2;
		151
		152	if (proto == 0) {
		153	free(s);
		154	return (-1);
		155	}
		156
		157	if (negate)
		158	protos &= ~proto;
		159	else
		160	protos \|= proto;
		161	}
		162
		163	*protocols = protos;
		164
		165	free(s);
		166
		167	return (0);
		168	}
		169
		170	int
112	tls_config_set_ca_file(struct tls_config config, const char ca_file)	171	tls_config_set_ca_file(struct tls_config config, const char ca_file)
113	{	172	{
114	return set_string(&config->ca_file, ca_file);	173	return set_string(&config->ca_file, ca_file);