Mercurial > dovecot > core-2.2
changeset 16593:3a08bd30d180
lib-ssl-iostreams: ssl_protocols setting supports now TLSv1.1 and TLSv1.2 values.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Wed, 10 Jul 2013 10:01:26 +0300 |
parents | aff54366b1b6 |
children | dff200f433d2 |
files | src/lib-ssl-iostream/iostream-openssl-common.c |
diffstat | 1 files changed, 20 insertions(+), 4 deletions(-) [+] |
line wrap: on
line diff
--- a/src/lib-ssl-iostream/iostream-openssl-common.c Wed Jul 10 09:43:19 2013 +0300 +++ b/src/lib-ssl-iostream/iostream-openssl-common.c Wed Jul 10 10:01:26 2013 +0300 @@ -6,10 +6,12 @@ #include <openssl/x509v3.h> enum { - DOVECOT_SSL_PROTO_SSLv2 = 0x01, - DOVECOT_SSL_PROTO_SSLv3 = 0x02, - DOVECOT_SSL_PROTO_TLSv1 = 0x04, - DOVECOT_SSL_PROTO_ALL = 0x07 + DOVECOT_SSL_PROTO_SSLv2 = 0x01, + DOVECOT_SSL_PROTO_SSLv3 = 0x02, + DOVECOT_SSL_PROTO_TLSv1 = 0x04, + DOVECOT_SSL_PROTO_TLSv1_1 = 0x08, + DOVECOT_SSL_PROTO_TLSv1_2 = 0x10, + DOVECOT_SSL_PROTO_ALL = 0x1f }; int openssl_get_protocol_options(const char *protocols) @@ -34,6 +36,14 @@ proto = DOVECOT_SSL_PROTO_SSLv3; else if (strcasecmp(name, SSL_TXT_TLSV1) == 0) proto = DOVECOT_SSL_PROTO_TLSv1; +#ifdef SSL_TXT_TLSV1_1 + else if (strcasecmp(name, SSL_TXT_TLSV1_1) == 0) + proto = DOVECOT_SSL_PROTO_TLSv1_1; +#endif +#ifdef SSL_TXT_TLSV1_2 + else if (strcasecmp(name, SSL_TXT_TLSV1_2) == 0) + proto = DOVECOT_SSL_PROTO_TLSv1_2; +#endif else { i_fatal("Invalid ssl_protocols setting: " "Unknown protocol '%s'", name); @@ -51,6 +61,12 @@ if ((exclude & DOVECOT_SSL_PROTO_SSLv2) != 0) op |= SSL_OP_NO_SSLv2; if ((exclude & DOVECOT_SSL_PROTO_SSLv3) != 0) op |= SSL_OP_NO_SSLv3; if ((exclude & DOVECOT_SSL_PROTO_TLSv1) != 0) op |= SSL_OP_NO_TLSv1; +#ifdef SSL_OP_NO_TLSv1_1 + if ((exclude & DOVECOT_SSL_PROTO_TLSv1_1) != 0) op |= SSL_OP_NO_TLSv1_1; +#endif +#ifdef SSL_OP_NO_TLSv1_2 + if ((exclude & DOVECOT_SSL_PROTO_TLSv1_2) != 0) op |= SSL_OP_NO_TLSv1_2; +#endif return op; }