Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
OpenHarmony
Third Party Openssl
提交
637f374a
T
Third Party Openssl
项目概览
OpenHarmony
/
Third Party Openssl
9 个月 前同步成功
通知
8
Star
18
Fork
1
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
T
Third Party Openssl
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
前往新版Gitcode,体验更适合开发者的 AI 搜索 >>
提交
637f374a
编写于
12月 07, 2009
作者:
D
Dr. Stephen Henson
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Initial experimental TLSv1.1 support
上级
7e4cae1d
变更
17
隐藏空白更改
内联
并排
Showing
17 changed file
with
167 addition
and
32 deletion
+167
-32
CHANGES
CHANGES
+10
-0
apps/s_client.c
apps/s_client.c
+6
-1
apps/s_server.c
apps/s_server.c
+6
-0
ssl/s23_clnt.c
ssl/s23_clnt.c
+18
-3
ssl/s23_srvr.c
ssl/s23_srvr.c
+19
-3
ssl/s3_pkt.c
ssl/s3_pkt.c
+24
-5
ssl/ssl.h
ssl/ssl.h
+6
-0
ssl/ssl_lib.c
ssl/ssl_lib.c
+4
-2
ssl/ssl_locl.h
ssl/ssl_locl.h
+4
-3
ssl/ssl_sess.c
ssl/ssl_sess.c
+5
-0
ssl/ssl_txt.c
ssl/ssl_txt.c
+2
-0
ssl/t1_clnt.c
ssl/t1_clnt.c
+10
-4
ssl/t1_enc.c
ssl/t1_enc.c
+28
-1
ssl/t1_lib.c
ssl/t1_lib.c
+1
-1
ssl/t1_meth.c
ssl/t1_meth.c
+10
-5
ssl/t1_srvr.c
ssl/t1_srvr.c
+10
-4
ssl/tls1.h
ssl/tls1.h
+4
-0
未找到文件。
CHANGES
浏览文件 @
637f374a
...
...
@@ -4,6 +4,16 @@
Changes between 1.0.0 and 1.1.0 [xx XXX xxxx]
*) Initial TLSv1.1 support. Since TLSv1.1 is very similar to TLS v1.0 only
a few changes are required:
Add SSL_OP_NO_TLSv1_1 flag.
Add TLSv1_1 methods.
Update version checking logic to handle version 1.1.
Add explicit IV handling (ported from DTLS code).
Add command line options to s_client/s_server.
[Steve Henson]
*) Experiemental password based recipient info support for CMS library:
implementing RFC3211.
[Steve Henson]
...
...
apps/s_client.c
浏览文件 @
637f374a
...
...
@@ -318,10 +318,11 @@ static void sc_usage(void)
#endif
BIO_printf
(
bio_err
,
" -ssl2 - just use SSLv2
\n
"
);
BIO_printf
(
bio_err
,
" -ssl3 - just use SSLv3
\n
"
);
BIO_printf
(
bio_err
,
" -tls1_1 - just use TLSv1.1
\n
"
);
BIO_printf
(
bio_err
,
" -tls1 - just use TLSv1
\n
"
);
BIO_printf
(
bio_err
,
" -dtls1 - just use DTLSv1
\n
"
);
BIO_printf
(
bio_err
,
" -mtu - set the link layer MTU
\n
"
);
BIO_printf
(
bio_err
,
" -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol
\n
"
);
BIO_printf
(
bio_err
,
" -no_tls1
_1/-no_tls1
/-no_ssl3/-no_ssl2 - turn off that protocol
\n
"
);
BIO_printf
(
bio_err
,
" -bugs - Switch on all SSL implementation bug workarounds
\n
"
);
BIO_printf
(
bio_err
,
" -serverpref - Use server's cipher preferences (only SSLv2)
\n
"
);
BIO_printf
(
bio_err
,
" -cipher - preferred cipher to use, use the 'openssl ciphers'
\n
"
);
...
...
@@ -597,6 +598,8 @@ int MAIN(int argc, char **argv)
meth
=
SSLv3_client_method
();
#endif
#ifndef OPENSSL_NO_TLS1
else
if
(
strcmp
(
*
argv
,
"-tls1_1"
)
==
0
)
meth
=
TLSv1_1_client_method
();
else
if
(
strcmp
(
*
argv
,
"-tls1"
)
==
0
)
meth
=
TLSv1_client_method
();
#endif
...
...
@@ -645,6 +648,8 @@ int MAIN(int argc, char **argv)
if
(
--
argc
<
1
)
goto
bad
;
CAfile
=
*
(
++
argv
);
}
else
if
(
strcmp
(
*
argv
,
"-no_tls1_1"
)
==
0
)
off
|=
SSL_OP_NO_TLSv1_1
;
else
if
(
strcmp
(
*
argv
,
"-no_tls1"
)
==
0
)
off
|=
SSL_OP_NO_TLSv1
;
else
if
(
strcmp
(
*
argv
,
"-no_ssl3"
)
==
0
)
...
...
apps/s_server.c
浏览文件 @
637f374a
...
...
@@ -458,6 +458,7 @@ static void sv_usage(void)
#endif
BIO_printf
(
bio_err
,
" -ssl2 - Just talk SSLv2
\n
"
);
BIO_printf
(
bio_err
,
" -ssl3 - Just talk SSLv3
\n
"
);
BIO_printf
(
bio_err
,
" -tls1_1 - Just talk TLSv1_1
\n
"
);
BIO_printf
(
bio_err
,
" -tls1 - Just talk TLSv1
\n
"
);
BIO_printf
(
bio_err
,
" -dtls1 - Just talk DTLSv1
\n
"
);
BIO_printf
(
bio_err
,
" -timeout - Enable timeouts
\n
"
);
...
...
@@ -466,6 +467,7 @@ static void sv_usage(void)
BIO_printf
(
bio_err
,
" -no_ssl2 - Just disable SSLv2
\n
"
);
BIO_printf
(
bio_err
,
" -no_ssl3 - Just disable SSLv3
\n
"
);
BIO_printf
(
bio_err
,
" -no_tls1 - Just disable TLSv1
\n
"
);
BIO_printf
(
bio_err
,
" -no_tls1_1 - Just disable TLSv1.1
\n
"
);
#ifndef OPENSSL_NO_DH
BIO_printf
(
bio_err
,
" -no_dhe - Disable ephemeral DH
\n
"
);
#endif
...
...
@@ -1120,6 +1122,8 @@ int MAIN(int argc, char *argv[])
{
off
|=
SSL_OP_NO_SSLv2
;
}
else
if
(
strcmp
(
*
argv
,
"-no_ssl3"
)
==
0
)
{
off
|=
SSL_OP_NO_SSLv3
;
}
else
if
(
strcmp
(
*
argv
,
"-no_tls1_1"
)
==
0
)
{
off
|=
SSL_OP_NO_TLSv1_1
;
}
else
if
(
strcmp
(
*
argv
,
"-no_tls1"
)
==
0
)
{
off
|=
SSL_OP_NO_TLSv1
;
}
else
if
(
strcmp
(
*
argv
,
"-no_comp"
)
==
0
)
...
...
@@ -1137,6 +1141,8 @@ int MAIN(int argc, char *argv[])
{
meth
=
SSLv3_server_method
();
}
#endif
#ifndef OPENSSL_NO_TLS1
else
if
(
strcmp
(
*
argv
,
"-tls1_1"
)
==
0
)
{
meth
=
TLSv1_1_server_method
();
}
else
if
(
strcmp
(
*
argv
,
"-tls1"
)
==
0
)
{
meth
=
TLSv1_server_method
();
}
#endif
...
...
ssl/s23_clnt.c
浏览文件 @
637f374a
...
...
@@ -284,7 +284,11 @@ static int ssl23_client_hello(SSL *s)
if
(
ssl2_compat
&&
ssl23_no_ssl2_ciphers
(
s
))
ssl2_compat
=
0
;
if
(
!
(
s
->
options
&
SSL_OP_NO_TLSv1
))
if
(
!
(
s
->
options
&
SSL_OP_NO_TLSv1_1
))
{
version
=
TLS1_1_VERSION
;
}
else
if
(
!
(
s
->
options
&
SSL_OP_NO_TLSv1
))
{
version
=
TLS1_VERSION
;
}
...
...
@@ -332,7 +336,12 @@ static int ssl23_client_hello(SSL *s)
if
(
RAND_pseudo_bytes
(
p
,
SSL3_RANDOM_SIZE
-
4
)
<=
0
)
return
-
1
;
if
(
version
==
TLS1_VERSION
)
if
(
version
==
TLS1_1_VERSION
)
{
version_major
=
TLS1_1_VERSION_MAJOR
;
version_minor
=
TLS1_1_VERSION_MINOR
;
}
else
if
(
version
==
TLS1_VERSION
)
{
version_major
=
TLS1_VERSION_MAJOR
;
version_minor
=
TLS1_VERSION_MINOR
;
...
...
@@ -611,7 +620,7 @@ static int ssl23_get_server_hello(SSL *s)
#endif
}
else
if
(
p
[
1
]
==
SSL3_VERSION_MAJOR
&&
(
p
[
2
]
==
SSL3_VERSION_MINOR
||
p
[
2
]
==
TLS
1_VERSION_MINOR
)
&&
(
p
[
2
]
>=
SSL3_VERSION_MINOR
&&
p
[
2
]
<=
TLS1_
1_VERSION_MINOR
)
&&
((
p
[
0
]
==
SSL3_RT_HANDSHAKE
&&
p
[
5
]
==
SSL3_MT_SERVER_HELLO
)
||
(
p
[
0
]
==
SSL3_RT_ALERT
&&
p
[
3
]
==
0
&&
p
[
4
]
==
2
)))
{
...
...
@@ -629,6 +638,12 @@ static int ssl23_get_server_hello(SSL *s)
s
->
version
=
TLS1_VERSION
;
s
->
method
=
TLSv1_client_method
();
}
else
if
((
p
[
2
]
==
TLS1_1_VERSION_MINOR
)
&&
!
(
s
->
options
&
SSL_OP_NO_TLSv1_1
))
{
s
->
version
=
TLS1_1_VERSION
;
s
->
method
=
TLSv1_1_client_method
();
}
else
{
SSLerr
(
SSL_F_SSL23_GET_SERVER_HELLO
,
SSL_R_UNSUPPORTED_PROTOCOL
);
...
...
ssl/s23_srvr.c
浏览文件 @
637f374a
...
...
@@ -128,6 +128,8 @@ static const SSL_METHOD *ssl23_get_server_method(int ver)
return
(
SSLv3_server_method
());
else
if
(
ver
==
TLS1_VERSION
)
return
(
TLSv1_server_method
());
else
if
(
ver
==
TLS1_1_VERSION
)
return
(
TLSv1_1_server_method
());
else
return
(
NULL
);
}
...
...
@@ -283,7 +285,13 @@ int ssl23_get_client_hello(SSL *s)
/* SSLv3/TLSv1 */
if
(
p
[
4
]
>=
TLS1_VERSION_MINOR
)
{
if
(
!
(
s
->
options
&
SSL_OP_NO_TLSv1
))
if
(
p
[
4
]
>=
TLS1_1_VERSION_MINOR
&&
!
(
s
->
options
&
SSL_OP_NO_TLSv1_1
))
{
s
->
version
=
TLS1_1_VERSION
;
s
->
state
=
SSL23_ST_SR_CLNT_HELLO_B
;
}
else
if
(
!
(
s
->
options
&
SSL_OP_NO_TLSv1
))
{
s
->
version
=
TLS1_VERSION
;
/* type=2; */
/* done later to survive restarts */
...
...
@@ -343,7 +351,13 @@ int ssl23_get_client_hello(SSL *s)
v
[
1
]
=
p
[
10
];
/* minor version according to client_version */
if
(
v
[
1
]
>=
TLS1_VERSION_MINOR
)
{
if
(
!
(
s
->
options
&
SSL_OP_NO_TLSv1
))
if
(
v
[
1
]
>=
TLS1_1_VERSION_MINOR
&&
!
(
s
->
options
&
SSL_OP_NO_TLSv1_1
))
{
s
->
version
=
TLS1_1_VERSION
;
type
=
3
;
}
else
if
(
!
(
s
->
options
&
SSL_OP_NO_TLSv1
))
{
s
->
version
=
TLS1_VERSION
;
type
=
3
;
...
...
@@ -566,7 +580,9 @@ int ssl23_get_client_hello(SSL *s)
s
->
s3
->
rbuf
.
offset
=
0
;
}
if
(
s
->
version
==
TLS1_VERSION
)
if
(
s
->
version
==
TLS1_1_VERSION
)
s
->
method
=
TLSv1_1_server_method
();
else
if
(
s
->
version
==
TLS1_VERSION
)
s
->
method
=
TLSv1_server_method
();
else
s
->
method
=
SSLv3_server_method
();
...
...
ssl/s3_pkt.c
浏览文件 @
637f374a
...
...
@@ -115,6 +115,7 @@
#include "ssl_locl.h"
#include <openssl/evp.h>
#include <openssl/buffer.h>
#include <openssl/rand.h>
static
int
do_ssl3_write
(
SSL
*
s
,
int
type
,
const
unsigned
char
*
buf
,
unsigned
int
len
,
int
create_empty_fragment
);
...
...
@@ -629,6 +630,7 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
unsigned
char
*
p
,
*
plen
;
int
i
,
mac_size
,
clear
=
0
;
int
prefix_len
=
0
;
int
eivlen
;
long
align
=
0
;
SSL3_RECORD
*
wr
;
SSL3_BUFFER
*
wb
=&
(
s
->
s3
->
wbuf
);
...
...
@@ -738,9 +740,18 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
/* field where we are to write out packet length */
plen
=
p
;
p
+=
2
;
/* Explicit IV length, block ciphers and TLS version 1.1 or later */
if
(
s
->
enc_write_ctx
&&
s
->
version
>=
TLS1_1_VERSION
)
{
eivlen
=
EVP_CIPHER_CTX_iv_length
(
s
->
enc_write_ctx
);
if
(
eivlen
<=
1
)
eivlen
=
0
;
}
else
eivlen
=
0
;
/* lets setup the record stuff. */
wr
->
data
=
p
;
wr
->
data
=
p
+
eivlen
;
wr
->
length
=
(
int
)
len
;
wr
->
input
=
(
unsigned
char
*
)
buf
;
...
...
@@ -768,11 +779,19 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
if
(
mac_size
!=
0
)
{
if
(
s
->
method
->
ssl3_enc
->
mac
(
s
,
&
(
p
[
wr
->
length
]),
1
)
<
0
)
if
(
s
->
method
->
ssl3_enc
->
mac
(
s
,
&
(
p
[
wr
->
length
+
eivlen
]),
1
)
<
0
)
goto
err
;
wr
->
length
+=
mac_size
;
wr
->
input
=
p
;
wr
->
data
=
p
;
}
wr
->
input
=
p
;
wr
->
data
=
p
;
if
(
eivlen
)
{
if
(
RAND_pseudo_bytes
(
p
,
eivlen
)
<=
0
)
goto
err
;
wr
->
length
+=
eivlen
;
}
/* ssl3_enc can only have an error on read */
...
...
@@ -1262,7 +1281,7 @@ start:
default:
#ifndef OPENSSL_NO_TLS
/* TLS just ignores unknown message types */
if
(
s
->
version
==
TLS
1_VERSION
)
if
(
s
->
version
>=
TLS1_VERSION
&&
s
->
version
<=
TLS1_
1_VERSION
)
{
rr
->
length
=
0
;
goto
start
;
...
...
ssl/ssl.h
浏览文件 @
637f374a
...
...
@@ -298,6 +298,7 @@ extern "C" {
#define SSL_TXT_SSLV2 "SSLv2"
#define SSL_TXT_SSLV3 "SSLv3"
#define SSL_TXT_TLSV1 "TLSv1"
#define SSL_TXT_TLSV1_1 "TLSv1.1"
#define SSL_TXT_EXP "EXP"
#define SSL_TXT_EXPORT "EXPORT"
...
...
@@ -569,6 +570,7 @@ typedef struct ssl_session_st
#define SSL_OP_NO_SSLv2 0x01000000L
#define SSL_OP_NO_SSLv3 0x02000000L
#define SSL_OP_NO_TLSv1 0x04000000L
#define SSL_OP_NO_TLSv1_1 0x00040000L
/* The next flag deliberately changes the ciphertest, this is a check
* for the PKCS#1 attack */
...
...
@@ -1630,6 +1632,10 @@ const SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */
const
SSL_METHOD
*
TLSv1_server_method
(
void
);
/* TLSv1.0 */
const
SSL_METHOD
*
TLSv1_client_method
(
void
);
/* TLSv1.0 */
const
SSL_METHOD
*
TLSv1_1_method
(
void
);
/* TLSv1.1 */
const
SSL_METHOD
*
TLSv1_1_server_method
(
void
);
/* TLSv1.1 */
const
SSL_METHOD
*
TLSv1_1_client_method
(
void
);
/* TLSv1.1 */
const
SSL_METHOD
*
DTLSv1_method
(
void
);
/* DTLSv1.0 */
const
SSL_METHOD
*
DTLSv1_server_method
(
void
);
/* DTLSv1.0 */
const
SSL_METHOD
*
DTLSv1_client_method
(
void
);
/* DTLSv1.0 */
...
...
ssl/ssl_lib.c
浏览文件 @
637f374a
...
...
@@ -2380,8 +2380,10 @@ SSL_METHOD *ssl_bad_method(int ver)
const
char
*
SSL_get_version
(
const
SSL
*
s
)
{
if
(
s
->
version
==
TLS1_VERSION
)
return
(
"TLSv1"
);
if
(
s
->
version
==
TLS1_1_VERSION
)
return
(
"TLSv1.1"
);
else
if
(
s
->
version
==
SSL3_VERSION
)
return
(
"SSLv3"
);
else
if
(
s
->
version
==
SSL3_VERSION
)
return
(
"SSLv3"
);
else
if
(
s
->
version
==
SSL2_VERSION
)
...
...
ssl/ssl_locl.h
浏览文件 @
637f374a
...
...
@@ -591,11 +591,12 @@ extern SSL3_ENC_METHOD TLSv1_enc_data;
extern
SSL3_ENC_METHOD
SSLv3_enc_data
;
extern
SSL3_ENC_METHOD
DTLSv1_enc_data
;
#define IMPLEMENT_tls1_meth_func(func_name, s_accept, s_connect, s_get_meth) \
#define IMPLEMENT_tls_meth_func(version, func_name, s_accept, s_connect, \
s_get_meth) \
const SSL_METHOD *func_name(void) \
{ \
static const SSL_METHOD func_name##_data= { \
TLS1_VERSION
, \
version
, \
tls1_new, \
tls1_clear, \
tls1_free, \
...
...
@@ -669,7 +670,7 @@ const SSL_METHOD *func_name(void) \
const SSL_METHOD *func_name(void) \
{ \
static const SSL_METHOD func_name##_data= { \
TLS1_VERSION, \
TLS1_
1_
VERSION, \
tls1_new, \
tls1_clear, \
tls1_free, \
...
...
ssl/ssl_sess.c
浏览文件 @
637f374a
...
...
@@ -300,6 +300,11 @@ int ssl_get_new_session(SSL *s, int session)
ss
->
ssl_version
=
TLS1_VERSION
;
ss
->
session_id_length
=
SSL3_SSL_SESSION_ID_LENGTH
;
}
else
if
(
s
->
version
==
TLS1_1_VERSION
)
{
ss
->
ssl_version
=
TLS1_1_VERSION
;
ss
->
session_id_length
=
SSL3_SSL_SESSION_ID_LENGTH
;
}
else
if
(
s
->
version
==
DTLS1_BAD_VER
)
{
ss
->
ssl_version
=
DTLS1_BAD_VER
;
...
...
ssl/ssl_txt.c
浏览文件 @
637f374a
...
...
@@ -115,6 +115,8 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
s
=
"SSLv2"
;
else
if
(
x
->
ssl_version
==
SSL3_VERSION
)
s
=
"SSLv3"
;
else
if
(
x
->
ssl_version
==
TLS1_1_VERSION
)
s
=
"TLSv1.1"
;
else
if
(
x
->
ssl_version
==
TLS1_VERSION
)
s
=
"TLSv1"
;
else
if
(
x
->
ssl_version
==
DTLS1_VERSION
)
...
...
ssl/t1_clnt.c
浏览文件 @
637f374a
...
...
@@ -66,13 +66,19 @@
static
const
SSL_METHOD
*
tls1_get_client_method
(
int
ver
);
static
const
SSL_METHOD
*
tls1_get_client_method
(
int
ver
)
{
if
(
ver
==
TLS1_1_VERSION
)
return
TLSv1_1_client_method
();
if
(
ver
==
TLS1_VERSION
)
return
(
TLSv1_client_method
());
else
return
(
NULL
);
return
TLSv1_client_method
();
return
NULL
;
}
IMPLEMENT_tls1_meth_func
(
TLSv1_client_method
,
IMPLEMENT_tls_meth_func
(
TLS1_1_VERSION
,
TLSv1_1_client_method
,
ssl_undefined_function
,
ssl3_connect
,
tls1_get_client_method
)
IMPLEMENT_tls_meth_func
(
TLS1_VERSION
,
TLSv1_client_method
,
ssl_undefined_function
,
ssl3_connect
,
tls1_get_client_method
)
...
...
ssl/t1_enc.c
浏览文件 @
637f374a
...
...
@@ -143,6 +143,7 @@
#include <openssl/evp.h>
#include <openssl/hmac.h>
#include <openssl/md5.h>
#include <openssl/rand.h>
#ifdef KSSL_DEBUG
#include <openssl/des.h>
#endif
...
...
@@ -617,7 +618,27 @@ int tls1_enc(SSL *s, int send)
if
(
s
->
enc_write_ctx
==
NULL
)
enc
=
NULL
;
else
{
int
ivlen
;
enc
=
EVP_CIPHER_CTX_cipher
(
s
->
enc_write_ctx
);
/* For TLSv1.1 and later explicit IV */
if
(
s
->
version
>=
TLS1_1_VERSION
)
ivlen
=
EVP_CIPHER_iv_length
(
enc
);
else
ivlen
=
0
;
if
(
ivlen
>
1
)
{
if
(
rec
->
data
!=
rec
->
input
)
/* we can't write into the input stream:
* Can this ever happen?? (steve)
*/
fprintf
(
stderr
,
"%s:%d: rec->data != rec->input
\n
"
,
__FILE__
,
__LINE__
);
else
if
(
RAND_bytes
(
rec
->
input
,
ivlen
)
<=
0
)
return
-
1
;
}
}
}
else
{
...
...
@@ -746,7 +767,13 @@ int tls1_enc(SSL *s, int send)
return
-
1
;
}
}
rec
->
length
-=
i
;
rec
->
length
-=
i
;
if
(
s
->
version
>=
TLS1_1_VERSION
)
{
rec
->
data
+=
bs
;
/* skip the explicit IV */
rec
->
input
+=
bs
;
rec
->
length
-=
bs
;
}
}
}
return
(
1
);
...
...
ssl/t1_lib.c
浏览文件 @
637f374a
...
...
@@ -166,7 +166,7 @@ void tls1_free(SSL *s)
void
tls1_clear
(
SSL
*
s
)
{
ssl3_clear
(
s
);
s
->
version
=
TLS1_VERSION
;
s
->
version
=
s
->
method
->
version
;
}
#ifndef OPENSSL_NO_EC
...
...
ssl/t1_meth.c
浏览文件 @
637f374a
...
...
@@ -60,16 +60,21 @@
#include <openssl/objects.h>
#include "ssl_locl.h"
static
const
SSL_METHOD
*
tls1_get_method
(
int
ver
);
static
const
SSL_METHOD
*
tls1_get_method
(
int
ver
)
{
if
(
ver
==
TLS1_1_VERSION
)
return
TLSv1_1_method
();
if
(
ver
==
TLS1_VERSION
)
return
(
TLSv1_method
());
else
return
(
NULL
);
return
TLSv1_method
();
return
NULL
;
}
IMPLEMENT_tls1_meth_func
(
TLSv1_method
,
IMPLEMENT_tls_meth_func
(
TLS1_1_VERSION
,
TLSv1_1_method
,
ssl3_accept
,
ssl3_connect
,
tls1_get_method
)
IMPLEMENT_tls_meth_func
(
TLS1_VERSION
,
TLSv1_method
,
ssl3_accept
,
ssl3_connect
,
tls1_get_method
)
...
...
ssl/t1_srvr.c
浏览文件 @
637f374a
...
...
@@ -67,13 +67,19 @@
static
const
SSL_METHOD
*
tls1_get_server_method
(
int
ver
);
static
const
SSL_METHOD
*
tls1_get_server_method
(
int
ver
)
{
if
(
ver
==
TLS1_1_VERSION
)
return
TLSv1_1_server_method
();
if
(
ver
==
TLS1_VERSION
)
return
(
TLSv1_server_method
());
else
return
(
NULL
);
return
TLSv1_server_method
();
return
NULL
;
}
IMPLEMENT_tls1_meth_func
(
TLSv1_server_method
,
IMPLEMENT_tls_meth_func
(
TLS1_1_VERSION
,
TLSv1_1_server_method
,
ssl3_accept
,
ssl_undefined_function
,
tls1_get_server_method
)
IMPLEMENT_tls_meth_func
(
TLS1_VERSION
,
TLSv1_server_method
,
ssl3_accept
,
ssl_undefined_function
,
tls1_get_server_method
)
...
...
ssl/tls1.h
浏览文件 @
637f374a
...
...
@@ -159,6 +159,10 @@ extern "C" {
#define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 0
#define TLS1_1_VERSION 0x0302
#define TLS1_1_VERSION_MAJOR 0x03
#define TLS1_1_VERSION_MINOR 0x02
#define TLS1_VERSION 0x0301
#define TLS1_VERSION_MAJOR 0x03
#define TLS1_VERSION_MINOR 0x01
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录