dovecot-2.2: lib-ssl-iostreams: ssl_protocols setting supports n...
dovecot at dovecot.org
dovecot at dovecot.org
Wed Jul 10 10:01:43 EEST 2013
details: http://hg.dovecot.org/dovecot-2.2/rev/3a08bd30d180
changeset: 16593:3a08bd30d180
user: Timo Sirainen <tss at iki.fi>
date: Wed Jul 10 10:01:26 2013 +0300
description:
lib-ssl-iostreams: ssl_protocols setting supports now TLSv1.1 and TLSv1.2 values.
diffstat:
src/lib-ssl-iostream/iostream-openssl-common.c | 24 ++++++++++++++++++++----
1 files changed, 20 insertions(+), 4 deletions(-)
diffs (48 lines):
diff -r aff54366b1b6 -r 3a08bd30d180 src/lib-ssl-iostream/iostream-openssl-common.c
--- a/src/lib-ssl-iostream/iostream-openssl-common.c Wed Jul 10 09:43:19 2013 +0300
+++ b/src/lib-ssl-iostream/iostream-openssl-common.c Wed Jul 10 10:01:26 2013 +0300
@@ -6,10 +6,12 @@
#include <openssl/x509v3.h>
enum {
- DOVECOT_SSL_PROTO_SSLv2 = 0x01,
- DOVECOT_SSL_PROTO_SSLv3 = 0x02,
- DOVECOT_SSL_PROTO_TLSv1 = 0x04,
- DOVECOT_SSL_PROTO_ALL = 0x07
+ DOVECOT_SSL_PROTO_SSLv2 = 0x01,
+ DOVECOT_SSL_PROTO_SSLv3 = 0x02,
+ DOVECOT_SSL_PROTO_TLSv1 = 0x04,
+ DOVECOT_SSL_PROTO_TLSv1_1 = 0x08,
+ DOVECOT_SSL_PROTO_TLSv1_2 = 0x10,
+ DOVECOT_SSL_PROTO_ALL = 0x1f
};
int openssl_get_protocol_options(const char *protocols)
@@ -34,6 +36,14 @@
proto = DOVECOT_SSL_PROTO_SSLv3;
else if (strcasecmp(name, SSL_TXT_TLSV1) == 0)
proto = DOVECOT_SSL_PROTO_TLSv1;
+#ifdef SSL_TXT_TLSV1_1
+ else if (strcasecmp(name, SSL_TXT_TLSV1_1) == 0)
+ proto = DOVECOT_SSL_PROTO_TLSv1_1;
+#endif
+#ifdef SSL_TXT_TLSV1_2
+ else if (strcasecmp(name, SSL_TXT_TLSV1_2) == 0)
+ proto = DOVECOT_SSL_PROTO_TLSv1_2;
+#endif
else {
i_fatal("Invalid ssl_protocols setting: "
"Unknown protocol '%s'", name);
@@ -51,6 +61,12 @@
if ((exclude & DOVECOT_SSL_PROTO_SSLv2) != 0) op |= SSL_OP_NO_SSLv2;
if ((exclude & DOVECOT_SSL_PROTO_SSLv3) != 0) op |= SSL_OP_NO_SSLv3;
if ((exclude & DOVECOT_SSL_PROTO_TLSv1) != 0) op |= SSL_OP_NO_TLSv1;
+#ifdef SSL_OP_NO_TLSv1_1
+ if ((exclude & DOVECOT_SSL_PROTO_TLSv1_1) != 0) op |= SSL_OP_NO_TLSv1_1;
+#endif
+#ifdef SSL_OP_NO_TLSv1_2
+ if ((exclude & DOVECOT_SSL_PROTO_TLSv1_2) != 0) op |= SSL_OP_NO_TLSv1_2;
+#endif
return op;
}
More information about the dovecot-cvs
mailing list