authorTatsuya Kinoshita <tats@debian.org>2021-02-10 11:15:54 +0000
committerTatsuya Kinoshita <tats@debian.org>2021-02-10 12:51:44 +0000
commit4f4d692321384b4d2fb1ceeadbcf4e03d64cf92d (patch)
tree3185cc4239fb1fd43032d89a853f1649b091f746 /url.c
parentNew option ssl_cipher to specify ciphers for TLSv1.2 and below (diff)
New option ssl_min_version for OpenSSL 1.1
Diffstat (limited to 'url.c')
-rw-r--r--url.c43
1 files changed, 43 insertions, 0 deletions
diff --git a/url.c b/url.c
index c7eeb16..9e67e06 100644
--- a/url.c
+++ b/url.c
@@ -293,6 +293,38 @@ init_PRNG()
}
#endif /* SSLEAY_VERSION_NUMBER >= 0x00905100 */
+#ifdef SSL_CTX_set_min_proto_version
+static int
+str_to_ssl_version(const char *name)
+{
+#ifdef TLS1_3_VERSION
+ if (!strcasecmp(name, "TLSv1.3"))
+ return TLS1_3_VERSION;
+#endif
+#ifdef TLS1_2_VERSION
+ if (!strcasecmp(name, "TLSv1.2"))
+ return TLS1_2_VERSION;
+#endif
+#ifdef TLS1_1_VERSION
+ if (!strcasecmp(name, "TLSv1.1"))
+ return TLS1_1_VERSION;
+#endif
+ if (!strcasecmp(name, "TLSv1.0"))
+ return TLS1_VERSION;
+ if (!strcasecmp(name, "TLSv1"))
+ return TLS1_VERSION;
+ if (!strcasecmp(name, "SSLv3.0"))
+ return SSL3_VERSION;
+ if (!strcasecmp(name, "SSLv3"))
+ return SSL3_VERSION;
+ if (!strcasecmp(name, "SSLv2.0"))
+ return SSL2_VERSION;
+ if (!strcasecmp(name, "SSLv2"))
+ return SSL2_VERSION;
+ return 0;
+}
+#endif /* SSL_CTX_set_min_proto_version */
+
static SSL *
openSSLHandle(int sock, char *hostname, char **p_cert)
{
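Review bot: The final `return 0;` in str_to_ssl_version is undocumented, yet 0 is also the value SSL_CTX_set_min_proto_version treats as "lowest supported version", so a later caller that forwards the result unchecked would silently drop the floor on a misspelt name. I would add a header comment such as `/* Map a protocol name to an OpenSSL version constant; returns 0 for an unknown name, which callers must reject because OpenSSL reads 0 as "no lower bound". */`. Separately, the `SSLv2` and `SSLv2.0` entries return SSL2_VERSION, which OpenSSL 1.1 most likely refuses in the setter, so those names would abort the connection setup instead of setting a floor. Dropping the two entries, or stating this in the option's help text, would make the behaviour explicit.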
@@ -336,6 +368,17 @@ openSSLHandle(int sock, char *hostname, char **p_cert)
#endif
if (!(ssl_ctx = SSL_CTX_new(SSLv23_client_method())))
goto eend;
+#ifdef SSL_CTX_set_min_proto_version
+ if (ssl_min_version && *ssl_min_version != '\0') {
+ int sslver;
+ sslver = str_to_ssl_version(ssl_min_version);
+ if (sslver <= 0
+ || !SSL_CTX_set_min_proto_version(ssl_ctx, sslver)) {
+ free_ssl_ctx();
+ goto eend;
+ }
+ }
+#endif
if (ssl_cipher && *ssl_cipher != '\0')
if (!SSL_CTX_set_cipher_list(ssl_ctx, ssl_cipher)) {
free_ssl_ctx();
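Review bot: When `SSL_CTX_set_min_proto_version` is not defined as a macro, the whole added block compiles away and a configured `ssl_min_version` is ignored without any error, so the user believes a protocol floor is enforced when none is. This would affect older OpenSSL and probably any TLS library that provides the setter as a function, not a macro. I would fail closed in an `#else` branch, as sketched below, assuming `ssl_min_version` is declared regardless of the macro; a warning would be the softer alternative. The parsing path itself already fails closed on an unknown name through the `sslver <= 0` test. openSSLHandle starts and ends outside this hunk, so what `eend` reports to the user is not visible here.

```c
#ifdef SSL_CTX_set_min_proto_version
    /* … unchanged: parse ssl_min_version and apply it with SSL_CTX_set_min_proto_version … */
#else
    /* A minimum version was requested but this build cannot enforce it: refuse to connect. */
    if (ssl_min_version && *ssl_min_version != '\0') {
	free_ssl_ctx();
	goto eend;
    }
#endif
```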