diff options
| author |   jsing <jsing@openbsd.org> | 2019-02-14 17:50:07 +0000 |
|---|---|---|
| committer | jsing <jsing@openbsd.org> | 2019-02-14 17:50:07 +0000 |
| commit | efee3f2f190421f1dabbf71948d7fa8020ab4313 (patch) | |
| tree | 6e23f075dab0c58b1927ab7ff0f399647ab72cc3 /lib/libssl/ssl_methods.c | |
| parent | Allow *at variant of mkfifo and mknod, too. (diff) | |
| download | wireguard-openbsd-efee3f2f190421f1dabbf71948d7fa8020ab4313.tar.xz wireguard-openbsd-efee3f2f190421f1dabbf71948d7fa8020ab4313.zip | |
Provide a TLS 1.3 capable client method.
ok tb@
Diffstat (limited to 'lib/libssl/ssl_methods.c')
| -rw-r--r-- | lib/libssl/ssl_methods.c | 48 |
1 files changed, 45 insertions, 3 deletions
diff --git a/lib/libssl/ssl_methods.c b/lib/libssl/ssl_methods.c index 3e9f18bc40e..636fed92a06 100644 --- a/lib/libssl/ssl_methods.c +++ b/lib/libssl/ssl_methods.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_methods.c,v 1.1 2018/11/05 05:45:15 jsing Exp $ */ +/* $OpenBSD: ssl_methods.c,v 1.2 2019/02/14 17:50:07 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -57,6 +57,7 @@ */ #include "ssl_locl.h" +#include "tls13_internal.h" static const SSL_METHOD_INTERNAL DTLSv1_client_method_internal_data = { .version = DTLS1_VERSION, @@ -189,7 +190,38 @@ dtls1_get_server_method(int ver) return (NULL); } +#ifdef LIBRESSL_HAS_TLS13 static const SSL_METHOD_INTERNAL TLS_client_method_internal_data = { + .version = TLS1_3_VERSION, + .min_version = TLS1_VERSION, + .max_version = TLS1_3_VERSION, + .ssl_new = tls1_new, + .ssl_clear = tls1_clear, + .ssl_free = tls1_free, + .ssl_accept = ssl_undefined_function, + .ssl_connect = tls13_legacy_connect, + .get_ssl_method = tls1_get_client_method, + .get_timeout = tls1_default_timeout, + .ssl_version = ssl_undefined_void_function, + .ssl_renegotiate = ssl_undefined_function, + .ssl_renegotiate_check = ssl_ok, + .ssl_get_message = ssl3_get_message, + .ssl_read_bytes = tls13_legacy_read_bytes, + .ssl_write_bytes = tls13_legacy_write_bytes, + .ssl3_enc = &TLSv1_2_enc_data, +}; + +static const SSL_METHOD TLS_client_method_data = { + .ssl_dispatch_alert = ssl3_dispatch_alert, + .num_ciphers = ssl3_num_ciphers, + .get_cipher = ssl3_get_cipher, + .get_cipher_by_char = ssl3_get_cipher_by_char, + .put_cipher_by_char = ssl3_put_cipher_by_char, + .internal = &TLS_client_method_internal_data, +}; +#endif + +static const SSL_METHOD_INTERNAL TLS_legacy_client_method_internal_data = { .version = TLS1_2_VERSION, .min_version = TLS1_VERSION, .max_version = TLS1_2_VERSION, @@ -209,13 +241,13 @@ static const SSL_METHOD_INTERNAL TLS_client_method_internal_data = { .ssl3_enc = &TLSv1_2_enc_data, }; -static const SSL_METHOD TLS_client_method_data = { +static const SSL_METHOD TLS_legacy_client_method_data = { .ssl_dispatch_alert = ssl3_dispatch_alert, .num_ciphers = ssl3_num_ciphers, .get_cipher = ssl3_get_cipher, .get_cipher_by_char = ssl3_get_cipher_by_char, .put_cipher_by_char = ssl3_put_cipher_by_char, - .internal = &TLS_client_method_internal_data, + .internal = &TLS_legacy_client_method_internal_data, }; static const SSL_METHOD_INTERNAL TLSv1_client_method_internal_data = { @@ -326,7 +358,17 @@ SSLv23_client_method(void) const SSL_METHOD * TLS_client_method(void) { +#ifdef LIBRESSL_HAS_TLS13 return (&TLS_client_method_data); +#else + return tls_legacy_client_method(); +#endif +} + +const SSL_METHOD * +tls_legacy_client_method(void) +{ + return (&TLS_legacy_client_method_data); } const SSL_METHOD * |