1 --- openssl-1.0.0b.orig/ssl/ssl.h 2010-11-30 00:03:46.000000000 +0000 | 1 --- openssl-1.0.0b.orig/ssl/ssl.h 2010-11-30 00:03:46.000000000 +0000 |
2 +++ openssl-1.0.0b/ssl/ssl.h 2010-11-30 00:03:47.000000000 +0000 | 2 +++ openssl-1.0.0b/ssl/ssl.h 2010-11-30 00:03:47.000000000 +0000 |
3 @@ -1133,6 +1133,9 @@ struct ssl_st | 3 @@ -1133,6 +1133,9 @@ struct ssl_st |
4 /* This can also be in the session once a session is established */ | 4 /* This can also be in the session once a session is established */ |
5 SSL_SESSION *session; | 5 SSL_SESSION *session; |
6 | 6 |
7 + /* This can be disabled to prevent the use of uncached sessions */ | 7 + /* This can be disabled to prevent the use of uncached sessions */ |
8 + int session_creation_enabled; | 8 + int session_creation_enabled; |
9 + | 9 + |
10 /* Default generate session ID callback. */ | 10 /* Default generate session ID callback. */ |
11 GEN_SESSION_CB generate_session_id; | 11 GEN_SESSION_CB generate_session_id; |
12 | 12 |
13 @@ -1546,6 +1549,7 @@ const SSL_CIPHER *SSL_get_current_cipher | |
14 int SSL_CIPHER_get_bits(const SSL_CIPHER *c,int *alg_bits); | |
15 char * SSL_CIPHER_get_version(const SSL_CIPHER *c); | |
16 const char * SSL_CIPHER_get_name(const SSL_CIPHER *c); | |
17 +const char * SSL_CIPHER_authentication_method(const SSL_CIPHER *c); | |
18 | |
19 int SSL_get_fd(const SSL *s); | |
20 int SSL_get_rfd(const SSL *s); | |
21 @@ -1554,6 +1558,7 @@ const char * SSL_get_cipher_list(const | 13 @@ -1554,6 +1558,7 @@ const char * SSL_get_cipher_list(const |
22 char * SSL_get_shared_ciphers(const SSL *s, char *buf, int len); | 14 char * SSL_get_shared_ciphers(const SSL *s, char *buf, int len); |
23 int SSL_get_read_ahead(const SSL * s); | 15 int SSL_get_read_ahead(const SSL * s); |
24 int SSL_pending(const SSL *s); | 16 int SSL_pending(const SSL *s); |
25 +const char * SSL_authentication_method(const SSL *c); | 17 +const char * SSL_authentication_method(const SSL *c); |
26 #ifndef OPENSSL_NO_SOCK | 18 #ifndef OPENSSL_NO_SOCK |
27 int SSL_set_fd(SSL *s, int fd); | 19 int SSL_set_fd(SSL *s, int fd); |
28 int SSL_set_rfd(SSL *s, int fd); | 20 int SSL_set_rfd(SSL *s, int fd); |
29 @@ -1565,6 +1570,7 @@ BIO * SSL_get_rbio(const SSL *s); | 21 @@ -1565,6 +1570,7 @@ BIO * SSL_get_rbio(const SSL *s); |
30 BIO * SSL_get_wbio(const SSL *s); | 22 BIO * SSL_get_wbio(const SSL *s); |
41 +int SSL_use_certificate_chain(SSL *ssl, STACK_OF(X509) *cert_chain); | 33 +int SSL_use_certificate_chain(SSL *ssl, STACK_OF(X509) *cert_chain); |
42 +STACK_OF(X509) * SSL_get_certificate_chain(SSL *ssl, X509 *x); | 34 +STACK_OF(X509) * SSL_get_certificate_chain(SSL *ssl, X509 *x); |
43 | 35 |
44 #ifndef OPENSSL_NO_STDIO | 36 #ifndef OPENSSL_NO_STDIO |
45 int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type); | 37 int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type); |
46 @@ -1615,6 +1623,7 @@ void SSL_copy_session_id(SSL *to,const S | 38 @@ -1615,6 +1623,7 @@ void SSL_copy_session_id(SSL *to,const S |
47 SSL_SESSION *SSL_SESSION_new(void); | 39 SSL_SESSION *SSL_SESSION_new(void); |
48 const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, | 40 const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, |
49 unsigned int *len); | 41 unsigned int *len); |
50 +const char * SSL_SESSION_get_version(const SSL_SESSION *s); | 42 +const char * SSL_SESSION_get_version(const SSL_SESSION *s); |
| 43 unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s); |
51 #ifndef OPENSSL_NO_FP_API | 44 #ifndef OPENSSL_NO_FP_API |
52 int SSL_SESSION_print_fp(FILE *fp,const SSL_SESSION *ses); | 45 int SSL_SESSION_print_fp(FILE *fp,const SSL_SESSION *ses); |
53 #endif | |
54 @@ -1624,6 +1633,7 @@ int SSL_SESSION_print(BIO *fp,const SSL_ | 46 @@ -1624,6 +1633,7 @@ int SSL_SESSION_print(BIO *fp,const SSL_ |
55 void SSL_SESSION_free(SSL_SESSION *ses); | 47 void SSL_SESSION_free(SSL_SESSION *ses); |
56 int i2d_SSL_SESSION(SSL_SESSION *in,unsigned char **pp); | 48 int i2d_SSL_SESSION(SSL_SESSION *in,unsigned char **pp); |
57 int SSL_set_session(SSL *to, SSL_SESSION *session); | 49 int SSL_set_session(SSL *to, SSL_SESSION *session); |
58 +void SSL_set_session_creation_enabled(SSL *, int); | 50 +void SSL_set_session_creation_enabled(SSL *, int); |
59 int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c); | 51 int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c); |
60 int SSL_CTX_remove_session(SSL_CTX *,SSL_SESSION *c); | 52 int SSL_CTX_remove_session(SSL_CTX *,SSL_SESSION *c); |
61 int SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB); | 53 int SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB); |
62 @@ -2066,6 +2076,7 @@ void ERR_load_SSL_strings(void); | 54 @@ -2066,6 +2076,7 @@ void ERR_load_SSL_strings(void); |
63 #define SSL_F_SSL_UNDEFINED_VOID_FUNCTION 244 | 55 #define SSL_F_SSL_UNDEFINED_VOID_FUNCTION 244 |
289 + s->cipher_list_by_id = tmp_cipher_list; | 281 + s->cipher_list_by_id = tmp_cipher_list; |
290 + (void)sk_SSL_CIPHER_set_cmp_func(s->cipher_list_by_id,ssl_cipher_ptr_id_
cmp); | 282 + (void)sk_SSL_CIPHER_set_cmp_func(s->cipher_list_by_id,ssl_cipher_ptr_id_
cmp); |
291 + | 283 + |
292 + sk_SSL_CIPHER_sort(s->cipher_list_by_id); | 284 + sk_SSL_CIPHER_sort(s->cipher_list_by_id); |
293 + return 1; | 285 + return 1; |
294 + } | 286 + } |
295 + | 287 + |
296 /* works well for SSLv2, not so good for SSLv3 */ | 288 /* works well for SSLv2, not so good for SSLv3 */ |
297 char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len) | 289 char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len) |
298 { | 290 { |
299 @@ -2551,18 +2578,45 @@ SSL_METHOD *ssl_bad_method(int ver) | 291 @@ -2551,22 +2578,45 @@ SSL_METHOD *ssl_bad_method(int ver) |
300 return(NULL); | 292 return(NULL); |
301 } | 293 } |
302 | 294 |
303 -const char *SSL_get_version(const SSL *s) | 295 -const char *SSL_get_version(const SSL *s) |
304 +static const char *ssl_get_version(int version) | 296 +static const char *ssl_get_version(int version) |
305 { | 297 { |
| 298 - if (s->version == TLS1_2_VERSION) |
| 299 + if (version == TLS1_2_VERSION) |
| 300 return("TLSv1.2"); |
| 301 - else if (s->version == TLS1_1_VERSION) |
| 302 + else if (version == TLS1_1_VERSION) |
| 303 return("TLSv1.1"); |
306 - if (s->version == TLS1_VERSION) | 304 - if (s->version == TLS1_VERSION) |
307 + if (version == TLS1_VERSION) | 305 + if (version == TLS1_VERSION) |
308 return("TLSv1"); | 306 return("TLSv1"); |
309 - else if (s->version == SSL3_VERSION) | 307 - else if (s->version == SSL3_VERSION) |
310 + else if (version == SSL3_VERSION) | 308 + else if (version == SSL3_VERSION) |
311 return("SSLv3"); | 309 return("SSLv3"); |
312 - else if (s->version == SSL2_VERSION) | 310 - else if (s->version == SSL2_VERSION) |
313 + else if (version == SSL2_VERSION) | 311 + else if (version == SSL2_VERSION) |
314 return("SSLv2"); | 312 return("SSLv2"); |
315 else | 313 else |
327 + } | 325 + } |
328 + | 326 + |
329 +const char* SSL_authentication_method(const SSL* ssl) | 327 +const char* SSL_authentication_method(const SSL* ssl) |
330 + { | 328 + { |
331 + if (ssl->cert != NULL && ssl->cert->rsa_tmp != NULL) | 329 + if (ssl->cert != NULL && ssl->cert->rsa_tmp != NULL) |
332 + return SSL_TXT_RSA "_" SSL_TXT_EXPORT; | 330 + return SSL_TXT_RSA "_" SSL_TXT_EXPORT; |
333 + switch (ssl->version) | 331 + switch (ssl->version) |
334 + { | 332 + { |
335 + case SSL2_VERSION: | 333 + case SSL2_VERSION: |
336 + return SSL_TXT_RSA; | 334 + return SSL_TXT_RSA; |
337 +» case SSL3_VERSION: | 335 +» default: |
338 +» case TLS1_VERSION: | |
339 +» case DTLS1_VERSION: | |
340 + return SSL_CIPHER_authentication_method(ssl->s3->tmp.new_cipher)
; | 336 + return SSL_CIPHER_authentication_method(ssl->s3->tmp.new_cipher)
; |
341 + default: | |
342 + return "UNKNOWN"; | |
343 + } | 337 + } |
344 + } | 338 + } |
345 + | 339 + |
346 SSL *SSL_dup(SSL *s) | 340 SSL *SSL_dup(SSL *s) |
347 { | 341 { |
348 STACK_OF(X509_NAME) *sk; | 342 STACK_OF(X509_NAME) *sk; |
349 --- openssl-1.0.0b.orig/ssl/ssl_locl.h 2010-11-30 00:03:46.000000000 +0000 | 343 --- openssl-1.0.0b.orig/ssl/ssl_locl.h 2010-11-30 00:03:46.000000000 +0000 |
350 +++ openssl-1.0.0b/ssl/ssl_locl.h 2010-11-30 00:03:47.000000000 +0000 | 344 +++ openssl-1.0.0b/ssl/ssl_locl.h 2010-11-30 00:03:47.000000000 +0000 |
351 @@ -456,6 +456,7 @@ | 345 @@ -456,6 +456,7 @@ |
352 typedef struct cert_pkey_st | 346 typedef struct cert_pkey_st |
417 /* This gets used by clients and servers. */ | 411 /* This gets used by clients and servers. */ |
418 @@ -269,6 +274,8 @@ int ssl_get_new_session(SSL *s, int sess | 412 @@ -269,6 +274,8 @@ int ssl_get_new_session(SSL *s, int sess |
419 SSL_SESSION *ss=NULL; | 413 SSL_SESSION *ss=NULL; |
420 GEN_SESSION_CB cb = def_generate_session_id; | 414 GEN_SESSION_CB cb = def_generate_session_id; |
421 | 415 |
422 + /* caller should check this if they can do better error handling */ | 416 + /* caller should check this if they can do better error handling */ |
423 + if (!s->session_creation_enabled) return(0); | 417 + if (!s->session_creation_enabled) return(0); |
424 if ((ss=SSL_SESSION_new()) == NULL) return(0); | 418 if ((ss=SSL_SESSION_new()) == NULL) return(0); |
425 | 419 |
426 /* If the context has a default timeout, use it */ | 420 /* If the context has a default timeout, use it */ |
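Review bot: In `SSL_authentication_method` on the new side, the `default:` branch dereferences `ssl->s3->tmp.new_cipher` for every version other than `SSL2_VERSION`, and nothing visible checks that `ssl->s3` or `new_cipher` is non-NULL. The earlier revision limited that dereference to SSL3/TLS1/DTLS1 and returned `"UNKNOWN"` otherwise, so the catch-all widens the set of states that reach it. A call made before a cipher has been selected, or on an object with an unexpected version value, would presumably fault instead of reporting an unknown method; the body of `SSL_CIPHER_authentication_method` is not shown on this page, so whether it tolerates NULL cannot be confirmed here. A guard ahead of the call, `if (ssl->s3 == NULL || ssl->s3->tmp.new_cipher == NULL) return "UNKNOWN";`, would keep the wider version coverage without the unchecked dereference.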