ITS#5655 for new structure

Howard Chu 2009-01-26 02:16:46 +00:00
parent 4dff3e6807
commit f9fd0f0cc4
2 changed files with 30 additions and 0 deletions


@ -542,6 +542,23 @@ ldap_int_tls_config( LDAP *ld, int option, const char *arg )
return ldap_pvt_tls_set_option( ld, option, &i );
}
return -1;
case LDAP_OPT_X_TLS_PROTOCOL_MIN: {
char *next;
long l;
l = strtol( arg, &next, 10 );
if ( l < 0 || l > 0xff || next == arg ||
( *next != '\0' && *next != '.' ) )
return -1;
i = l << 8;
if (*next == '.') {
arg = next + 1;
l = strtol( arg, &next, 10 );
if ( l < 0 || l > 0xff || next == arg || *next != '\0' )
return -1;
i += l;
}
return ldap_pvt_tls_set_option( ld, option, &i );
}
case LDAP_OPT_X_TLS_CRLCHECK: /* OpenSSL only */
i = -1;
if ( strcasecmp( arg, "none" ) == 0 ) {
@ -625,6 +642,9 @@ ldap_pvt_tls_get_option( LDAP *ld, int option, void *arg )
*(char **)arg = lo->ldo_tls_ciphersuite ?
LDAP_STRDUP( lo->ldo_tls_ciphersuite ) : NULL;
break;
case LDAP_OPT_X_TLS_PROTOCOL_MIN:
*(int *)arg = lo->ldo_tls_protocol_min;
break;
case LDAP_OPT_X_TLS_RANDOM_FILE: /* OpenSSL only */
*(char **)arg = lo->ldo_tls_randfile ?
LDAP_STRDUP( lo->ldo_tls_randfile ) : NULL;
@ -756,6 +776,11 @@ ldap_pvt_tls_set_option( LDAP *ld, int option, void *arg )
lo->ldo_tls_ciphersuite = arg ? LDAP_STRDUP( (char *) arg ) : NULL;
return 0;
case LDAP_OPT_X_TLS_PROTOCOL_MIN:
if ( !arg ) return -1;
lo->ldo_tls_protocol_min = *(int *)arg;
return 0;
case LDAP_OPT_X_TLS_RANDOM_FILE: /* OpenSSL only */
if ( ld != NULL )
return -1;
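Review bot: The LDAP_OPT_X_TLS_PROTOCOL_MIN case in ldap_pvt_tls_set_option stores `*(int *)arg` with no range check, while the string path in ldap_int_tls_config limits each component to 0..0xff. A caller using the option API directly can therefore store a negative or out-of-range value, and since the value is only compared with `>` when the OpenSSL context is built, such a value would quietly mean no minimum at all. I would apply the same bound in the setter, e.g. `if ( !arg || *(int *)arg < 0 || *(int *)arg > 0xffff ) return -1;`, and add a comment at the parser such as `/* "major.minor" is stored as (major << 8) + minor */`. Both functions start and end outside the hunks shown.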


@ -222,6 +222,11 @@ tlso_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
(const unsigned char *) "OpenLDAP", sizeof("OpenLDAP")-1 );
}
if ( lo->ldo_tls_protocol_min > LDAP_OPT_X_TLS_PROTOCOL_SSL3 )
SSL_CTX_set_options( ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 );
else if ( lo->ldo_tls_protocol_min > LDAP_OPT_X_TLS_PROTOCOL_SSL2 )
SSL_CTX_set_options( ctx, SSL_OP_NO_SSLv2 );
if ( lo->ldo_tls_ciphersuite &&
!SSL_CTX_set_cipher_list( ctx, lt->lt_ciphersuite ) )
{
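Review bot: A minimum above TLS 1.0 is accepted but not enforced by the two new branches in tlso_ctx_init. The strongest action taken is `SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3`, so a configured value such as `3.2` leaves TLS 1.0 negotiable while the administrator believes a higher floor is in place. When `lo->ldo_tls_protocol_min` exceeds the highest version this code can require, context setup should fail closed, or at least log, rather than silently weaken the policy. At minimum, document the limit with a comment such as `/* only SSLv2 and SSLv3 can be excluded here; higher minimums are not enforced */`. The error path of tlso_ctx_init lies outside the hunk, so the return handling would have to follow the existing failure branches there.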