dovecot-2.2: lib-ssl-iostreams: ssl_protocols setting supports n...

dovecot at dovecot.org dovecot at dovecot.org
Wed Jul 10 10:01:43 EEST 2013


details:   http://hg.dovecot.org/dovecot-2.2/rev/3a08bd30d180
changeset: 16593:3a08bd30d180
user:      Timo Sirainen <tss at iki.fi>
date:      Wed Jul 10 10:01:26 2013 +0300
description:
lib-ssl-iostreams: ssl_protocols setting now supports TLSv1.1 and TLSv1.2 values.

diffstat:

 src/lib-ssl-iostream/iostream-openssl-common.c |  24 ++++++++++++++++++++----
 1 files changed, 20 insertions(+), 4 deletions(-)

diffs (48 lines):

diff -r aff54366b1b6 -r 3a08bd30d180 src/lib-ssl-iostream/iostream-openssl-common.c
--- a/src/lib-ssl-iostream/iostream-openssl-common.c	Wed Jul 10 09:43:19 2013 +0300
+++ b/src/lib-ssl-iostream/iostream-openssl-common.c	Wed Jul 10 10:01:26 2013 +0300
@@ -6,10 +6,12 @@
 #include <openssl/x509v3.h>
 
 enum {
-	DOVECOT_SSL_PROTO_SSLv2	= 0x01,
-	DOVECOT_SSL_PROTO_SSLv3	= 0x02,
-	DOVECOT_SSL_PROTO_TLSv1	= 0x04,
-	DOVECOT_SSL_PROTO_ALL	= 0x07
+	DOVECOT_SSL_PROTO_SSLv2		= 0x01,
+	DOVECOT_SSL_PROTO_SSLv3		= 0x02,
+	DOVECOT_SSL_PROTO_TLSv1		= 0x04,
+	DOVECOT_SSL_PROTO_TLSv1_1	= 0x08,
+	DOVECOT_SSL_PROTO_TLSv1_2	= 0x10,
+	DOVECOT_SSL_PROTO_ALL		= 0x1f
 };
 
 int openssl_get_protocol_options(const char *protocols)
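Review bot: Widening `DOVECOT_SSL_PROTO_ALL` from 0x07 to 0x1f can change what existing configurations negotiate, and nothing in the enum says so. The code that turns the parsed names into `exclude` lies outside the hunks shown; if it computes the excluded set as `DOVECOT_SSL_PROTO_ALL` minus the listed protocols, a positive list such as `SSLv3 TLSv1` would start setting the TLSv1.1 and TLSv1.2 exclusion options after this change and cap those servers at TLSv1. That is worth confirming and mentioning in the upgrade notes. A comment on the constant would also help the next addition, e.g. `/* must equal the OR of every DOVECOT_SSL_PROTO_* bit above */`.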
@@ -34,6 +36,14 @@
 			proto = DOVECOT_SSL_PROTO_SSLv3;
 		else if (strcasecmp(name, SSL_TXT_TLSV1) == 0)
 			proto = DOVECOT_SSL_PROTO_TLSv1;
+#ifdef SSL_TXT_TLSV1_1
+		else if (strcasecmp(name, SSL_TXT_TLSV1_1) == 0)
+			proto = DOVECOT_SSL_PROTO_TLSv1_1;
+#endif
+#ifdef SSL_TXT_TLSV1_2
+		else if (strcasecmp(name, SSL_TXT_TLSV1_2) == 0)
+			proto = DOVECOT_SSL_PROTO_TLSv1_2;
+#endif
 		else {
 			i_fatal("Invalid ssl_protocols setting: "
 				"Unknown protocol '%s'", name);
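Review bot: On a build whose OpenSSL headers lack `SSL_TXT_TLSV1_1` or `SSL_TXT_TLSV1_2`, these branches compile out and a configured TLSv1.1 or TLSv1.2 name falls through to the `Unknown protocol` fatal, which reads like a typo in the setting rather than a library limitation. Consider an `#else` branch that matches the literal name and reports that the OpenSSL used for the build does not support the protocol, or at least a comment such as `/* TLSv1.1/TLSv1.2 names are recognised only when the OpenSSL headers define them */`. The if/else chain starts above the hunk.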
@@ -51,6 +61,12 @@
 	if ((exclude & DOVECOT_SSL_PROTO_SSLv2) != 0) op |= SSL_OP_NO_SSLv2;
 	if ((exclude & DOVECOT_SSL_PROTO_SSLv3) != 0) op |= SSL_OP_NO_SSLv3;
 	if ((exclude & DOVECOT_SSL_PROTO_TLSv1) != 0) op |= SSL_OP_NO_TLSv1;
+#ifdef SSL_OP_NO_TLSv1_1
+	if ((exclude & DOVECOT_SSL_PROTO_TLSv1_1) != 0) op |= SSL_OP_NO_TLSv1_1;
+#endif
+#ifdef SSL_OP_NO_TLSv1_2
+	if ((exclude & DOVECOT_SSL_PROTO_TLSv1_2) != 0) op |= SSL_OP_NO_TLSv1_2;
+#endif
 	return op;
 }
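Review bot: The exclusion bits here are guarded by `SSL_OP_NO_TLSv1_1` / `SSL_OP_NO_TLSv1_2`, while the parser branches for the same protocols are guarded by `SSL_TXT_TLSV1_1` / `SSL_TXT_TLSV1_2`. If a header set ever defines the name but not the option, a request to exclude TLSv1.1 or TLSv1.2 would be accepted and then silently not applied, so the exclusion fails open. Guarding both places with the same condition, e.g. `#if defined(SSL_TXT_TLSV1_1) && defined(SSL_OP_NO_TLSv1_1)`, keeps them in step. The function begins above the hunk.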
 

