[glib-networking/set_max_protocol] openssl: factor out set_max_protocol




commit 5497e06d2590e38c969a3fe252fcc3c4418c2f77
Author: Ignacio Casal Quinteiro <qignacio amazon com>
Date:   Thu Dec 24 10:34:07 2020 +0100

    openssl: factor out set_max_protocol
    
    And call the openssl api if it is defined
    Fixes #156

 tls/openssl/gtlsclientconnection-openssl.c | 16 +++++++++++++++-
 tls/openssl/gtlsserverconnection-openssl.c | 16 +++++++++++++++-
 2 files changed, 30 insertions(+), 2 deletions(-)
---
diff --git a/tls/openssl/gtlsclientconnection-openssl.c b/tls/openssl/gtlsclientconnection-openssl.c
index a6b4e97..95428c6 100644
--- a/tls/openssl/gtlsclientconnection-openssl.c
+++ b/tls/openssl/gtlsclientconnection-openssl.c
@@ -297,7 +297,7 @@ static gboolean
 set_cipher_list (GTlsClientConnectionOpenssl  *client,
                  GError                      **error)
 {
-  const gchar *cipher_list, *proto;
+  const gchar *cipher_list;
 
   cipher_list = g_getenv ("G_TLS_OPENSSL_CIPHER_LIST");
   if (cipher_list)
@@ -311,6 +311,16 @@ set_cipher_list (GTlsClientConnectionOpenssl  *client,
         }
     }
 
+  return TRUE;
+}
+
+static gboolean
+set_max_protocol (GTlsClientConnectionOpenssl  *client,
+                  GError                      **error)
+{
+#ifdef SSL_CTX_set_max_proto_version
+  const gchar *proto;
+
   proto = g_getenv ("G_TLS_OPENSSL_MAX_PROTO");
   if (proto)
     {
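Review bot: The `#ifdef SSL_CTX_set_max_proto_version` guard that opens set_max_protocol only detects the API where the OpenSSL headers provide it as a macro. If a libssl build exports it as a real function instead (LibreSSL appears to), the whole body compiles out and the function returns TRUE, so G_TLS_OPENSSL_MAX_PROTO is ignored with no diagnostic. A build-system probe for the symbol would be more reliable than the preprocessor test, and the fallback branch could report the situation: `#else` followed by `if (g_getenv ("G_TLS_OPENSSL_MAX_PROTO")) g_warning ("G_TLS_OPENSSL_MAX_PROTO is not supported by this TLS library");`. The same guard is added to set_max_protocol in gtlsserverconnection-openssl.c, and in both files the function body continues outside this hunk.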
@@ -327,6 +337,7 @@ set_cipher_list (GTlsClientConnectionOpenssl  *client,
             }
         }
     }
+#endif
 
   return TRUE;
 }
@@ -382,6 +393,9 @@ g_tls_client_connection_openssl_initable_init (GInitable       *initable,
   if (!set_cipher_list (client, error))
     return FALSE;
 
+  if (!set_max_protocol (client, error))
+    return FALSE;
+
   /* Only TLS 1.2 or higher */
   options = SSL_OP_NO_TICKET |
             SSL_OP_NO_COMPRESSION |
diff --git a/tls/openssl/gtlsserverconnection-openssl.c b/tls/openssl/gtlsserverconnection-openssl.c
index a4ea30f..ab09381 100644
--- a/tls/openssl/gtlsserverconnection-openssl.c
+++ b/tls/openssl/gtlsserverconnection-openssl.c
@@ -333,7 +333,7 @@ static gboolean
 set_cipher_list (GTlsServerConnectionOpenssl  *server,
                  GError                      **error)
 {
-  const gchar *cipher_list, *proto;
+  const gchar *cipher_list;
 
   cipher_list = g_getenv ("G_TLS_OPENSSL_CIPHER_LIST");
   if (cipher_list)
@@ -347,6 +347,16 @@ set_cipher_list (GTlsServerConnectionOpenssl  *server,
         }
     }
 
+  return TRUE;
+}
+
+static gboolean
+set_max_protocol (GTlsServerConnectionOpenssl  *server,
+                  GError                      **error)
+{
+#ifdef SSL_CTX_set_max_proto_version
+  const gchar *proto;
+
   proto = g_getenv ("G_TLS_OPENSSL_MAX_PROTO");
   if (proto)
     {
@@ -363,6 +373,7 @@ set_cipher_list (GTlsServerConnectionOpenssl  *server,
             }
         }
     }
+#endif
 
   return TRUE;
 }
@@ -418,6 +429,9 @@ g_tls_server_connection_openssl_initable_init (GInitable       *initable,
   if (!set_cipher_list (server, error))
     return FALSE;
 
+  if (!set_max_protocol (server, error))
+    return FALSE;
+
   /* Only TLS 1.2 or higher */
   options = SSL_OP_NO_TICKET |
             SSL_OP_NO_COMPRESSION |

