diff options
author | Tatsuya Kinoshita <tats@debian.org> | 2021-02-10 11:15:54 +0000 |
---|---|---|
committer | Tatsuya Kinoshita <tats@debian.org> | 2021-02-10 12:51:44 +0000 |
commit | 4f4d692321384b4d2fb1ceeadbcf4e03d64cf92d (patch) | |
tree | 3185cc4239fb1fd43032d89a853f1649b091f746 /url.c | |
parent | New option ssl_cipher to specify ciphers for TLSv1.2 and below (diff) | |
download | w3m-4f4d692321384b4d2fb1ceeadbcf4e03d64cf92d.tar.gz w3m-4f4d692321384b4d2fb1ceeadbcf4e03d64cf92d.zip |
New option ssl_min_version for OpenSSL 1.1
Diffstat (limited to 'url.c')
-rw-r--r-- | url.c | 43 |
1 files changed, 43 insertions, 0 deletions
@@ -293,6 +293,38 @@ init_PRNG() } #endif /* SSLEAY_VERSION_NUMBER >= 0x00905100 */ +#ifdef SSL_CTX_set_min_proto_version +static int +str_to_ssl_version(const char *name) +{ +#ifdef TLS1_3_VERSION + if (!strcasecmp(name, "TLSv1.3")) + return TLS1_3_VERSION; +#endif +#ifdef TLS1_2_VERSION + if (!strcasecmp(name, "TLSv1.2")) + return TLS1_2_VERSION; +#endif +#ifdef TLS1_1_VERSION + if (!strcasecmp(name, "TLSv1.1")) + return TLS1_1_VERSION; +#endif + if (!strcasecmp(name, "TLSv1.0")) + return TLS1_VERSION; + if (!strcasecmp(name, "TLSv1")) + return TLS1_VERSION; + if (!strcasecmp(name, "SSLv3.0")) + return SSL3_VERSION; + if (!strcasecmp(name, "SSLv3")) + return SSL3_VERSION; + if (!strcasecmp(name, "SSLv2.0")) + return SSL2_VERSION; + if (!strcasecmp(name, "SSLv2")) + return SSL2_VERSION; + return 0; +} +#endif /* SSL_CTX_set_min_proto_version */ + static SSL * openSSLHandle(int sock, char *hostname, char **p_cert) { @@ -336,6 +368,17 @@ openSSLHandle(int sock, char *hostname, char **p_cert) #endif if (!(ssl_ctx = SSL_CTX_new(SSLv23_client_method()))) goto eend; +#ifdef SSL_CTX_set_min_proto_version + if (ssl_min_version && *ssl_min_version != '\0') { + int sslver; + sslver = str_to_ssl_version(ssl_min_version); + if (sslver <= 0 + || !SSL_CTX_set_min_proto_version(ssl_ctx, sslver)) { + free_ssl_ctx(); + goto eend; + } + } +#endif if (ssl_cipher && *ssl_cipher != '\0') if (!SSL_CTX_set_cipher_list(ssl_ctx, ssl_cipher)) { free_ssl_ctx(); |