scottk/wlan-cloud-lib-poco
1
0
Fork 0
mirror of https://github.com/Telecominfraproject/wlan-cloud-lib-poco.git synced 2025-11-02 03:27:56 +00:00
Code Issues Packages Projects Releases Wiki Activity

#2898: poco 1.10/ NetSSL / openssl < 1.1 : default server usage changed (compare to 1.9.4)

Browse Source
This commit is contained in:
Günter Obiltschnig
2020-02-04 10:23:55 +01:00
parent bfa7ca5c82
commit 81624a269f
1 changed files with 32 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
NetSSL_OpenSSL/src/Context.cpp
View File

@@ -422,20 +422,33 @@ void Context::requireMinimumProtocol(Protocols protocol)
{ {
case PROTO_SSLV2: case PROTO_SSLV2:
throw Poco::InvalidArgumentException("SSLv2 is no longer supported"); throw Poco::InvalidArgumentException("SSLv2 is no longer supported");
case PROTO_SSLV3: case PROTO_SSLV3:
disableProtocols(PROTO_SSLV2); disableProtocols(PROTO_SSLV2);
break; break;
case PROTO_TLSV1: case PROTO_TLSV1:
disableProtocols(PROTO_SSLV2 | PROTO_SSLV3); disableProtocols(PROTO_SSLV2 | PROTO_SSLV3);
break; break;
case PROTO_TLSV1_1: case PROTO_TLSV1_1:
#if defined(SSL_OP_NO_TLSv1_1) && !defined(OPENSSL_NO_TLS1)
disableProtocols(PROTO_SSLV2 | PROTO_SSLV3 | PROTO_TLSV1); disableProtocols(PROTO_SSLV2 | PROTO_SSLV3 | PROTO_TLSV1);
#else
throw Poco::InvalidArgumentException("TLSv1.1 is not supported by the available OpenSSL library");
#endif
break; break;
case PROTO_TLSV1_2: case PROTO_TLSV1_2:
#if defined(SSL_OP_NO_TLSv1_2) && !defined(OPENSSL_NO_TLS1)
disableProtocols(PROTO_SSLV2 | PROTO_SSLV3 | PROTO_TLSV1 | PROTO_TLSV1_1); disableProtocols(PROTO_SSLV2 | PROTO_SSLV3 | PROTO_TLSV1 | PROTO_TLSV1_1);
#else
throw Poco::InvalidArgumentException("TLSv1.2 is not supported by the available OpenSSL library");
#endif
break; break;
case PROTO_TLSV1_3: case PROTO_TLSV1_3:
disableProtocols(PROTO_SSLV2 | PROTO_SSLV3 | PROTO_TLSV1 | PROTO_TLSV1_1 | PROTO_TLSV1_2); throw Poco::InvalidArgumentException("TLSv1.3 is not supported by the available OpenSSL library");
break; break;
} }
#endif #endif
@@ -468,6 +481,24 @@ void Context::createSSLContext()
{ {
case CLIENT_USE: case CLIENT_USE:
case TLS_CLIENT_USE: case TLS_CLIENT_USE:
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
_pSSLContext = SSL_CTX_new(TLS_client_method());
minTLSVersion = TLS1_VERSION;
#else
_pSSLContext = SSL_CTX_new(SSLv23_client_method());
#endif
break;
case SERVER_USE:
case TLS_SERVER_USE:
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
_pSSLContext = SSL_CTX_new(TLS_server_method());
minTLSVersion = TLS1_VERSION;
#else
_pSSLContext = SSL_CTX_new(SSLv23_server_method());
#endif
break;
case TLSV1_CLIENT_USE: case TLSV1_CLIENT_USE:
#if OPENSSL_VERSION_NUMBER >= 0x10100000L #if OPENSSL_VERSION_NUMBER >= 0x10100000L
_pSSLContext = SSL_CTX_new(TLS_client_method()); _pSSLContext = SSL_CTX_new(TLS_client_method());
@@ -477,8 +508,6 @@ void Context::createSSLContext()
#endif #endif
break; break;
case SERVER_USE:
case TLS_SERVER_USE:
case TLSV1_SERVER_USE: case TLSV1_SERVER_USE:
#if OPENSSL_VERSION_NUMBER >= 0x10100000L #if OPENSSL_VERSION_NUMBER >= 0x10100000L
_pSSLContext = SSL_CTX_new(TLS_server_method()); _pSSLContext = SSL_CTX_new(TLS_server_method());