
Ability to specify allowed ciphersuites based on the protocol version.

The ciphersuites parameter in the ssl_session structure changed from
'int *' to 'int *[4]'.

The new function ssl_set_ciphersuites_for_version() sets specific entries
inside this array. ssl_set_ciphersuites() sets all entries to the same
value.
(cherry picked from commit a62729888b)

Conflicts:
	ChangeLog
	library/ssl_srv.c
	library/ssl_tls.c
Paul Bakker
2013-04-15 15:09:54 +02:00
parent eff2e6d414
commit 8f4ddaeea9
5 changed files with 63 additions and 20 deletions


@ -2677,7 +2677,7 @@ int ssl_init( ssl_context *ssl )
ssl->min_major_ver = SSL_MAJOR_VERSION_3;
ssl->min_minor_ver = SSL_MINOR_VERSION_0;
ssl->ciphersuites = ssl_list_ciphersuites();
ssl_set_ciphersuites( ssl, ssl_list_ciphersuites() );
#if defined(POLARSSL_DHM_C)
if( ( ret = mpi_read_string( &ssl->dhm_P, 16,
@ -2862,7 +2862,22 @@ void ssl_set_session( ssl_context *ssl, const ssl_session *session )
void ssl_set_ciphersuites( ssl_context *ssl, const int *ciphersuites )
{
ssl->ciphersuites = ciphersuites;
ssl->ciphersuite_list[SSL_MINOR_VERSION_0] = ciphersuites;
ssl->ciphersuite_list[SSL_MINOR_VERSION_1] = ciphersuites;
ssl->ciphersuite_list[SSL_MINOR_VERSION_2] = ciphersuites;
ssl->ciphersuite_list[SSL_MINOR_VERSION_3] = ciphersuites;
}
void ssl_set_ciphersuites_for_version( ssl_context *ssl, const int *ciphersuites,
int major, int minor )
{
if( major != SSL_MAJOR_VERSION_3 )
return;
if( minor < SSL_MINOR_VERSION_0 || minor > SSL_MINOR_VERSION_3 )
return;
ssl->ciphersuite_list[minor] = ciphersuites;
}
void ssl_set_ca_chain( ssl_context *ssl, x509_cert *ca_chain,
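Review bot: ssl_set_ciphersuites_for_version() returns void and simply returns when `major` is not SSL_MAJOR_VERSION_3 or `minor` is out of range, so a caller that passes a wrong version pair cannot tell that its restriction was never stored. Because ssl_init() in the first hunk installs the full ssl_list_ciphersuites() list through ssl_set_ciphersuites(), the ignored call leaves that default in force for the version the caller meant to narrow. I would make the function return int, with `return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );` on both guard branches and `return( 0 );` at the end, or at least state in its header comment that out-of-range versions are ignored. The same comment should note that both setters store the caller's pointer without copying, so the array has to stay valid for as long as the context uses it.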