Adapt version-handling functions to DTLS

This commit is contained in:
Manuel Pégourié-Gonnard 2014-02-10 13:43:33 +01:00 committed by Paul Bakker
parent e29fd4beaf
commit b21ca2a69f
2 changed files with 53 additions and 10 deletions

View File

@ -959,6 +959,9 @@ void ssl_set_endpoint( ssl_context *ssl, int endpoint );
* \param transport transport type: * \param transport transport type:
* SSL_TRANSPORT_STREAM for TLS, * SSL_TRANSPORT_STREAM for TLS,
* SSL_TRANSPORT_DATAGRAM for DTLS. * SSL_TRANSPORT_DATAGRAM for DTLS.
*
* \note If DTLS is selected and max and/or min version are less
* than TLS 1.1 (DTLS 1.0) they are upped to that value.
*/ */
void ssl_set_transport( ssl_context *ssl, int transport ); void ssl_set_transport( ssl_context *ssl, int transport );
@ -1122,6 +1125,9 @@ void ssl_set_ciphersuites( ssl_context *ssl, const int *ciphersuites );
* \param minor Minor version number (SSL_MINOR_VERSION_0, * \param minor Minor version number (SSL_MINOR_VERSION_0,
* SSL_MINOR_VERSION_1 and SSL_MINOR_VERSION_2, * SSL_MINOR_VERSION_1 and SSL_MINOR_VERSION_2,
* SSL_MINOR_VERSION_3 supported) * SSL_MINOR_VERSION_3 supported)
*
* \note With DTLS, use SSL_MINOR_VERSION_2 for DTLS 1.0
* and SSL_MINOR_VERSION_3 for DTLS 1.2
*/ */
void ssl_set_ciphersuites_for_version( ssl_context *ssl, void ssl_set_ciphersuites_for_version( ssl_context *ssl,
const int *ciphersuites, const int *ciphersuites,
@ -1379,6 +1385,9 @@ const char *ssl_get_alpn_protocol( const ssl_context *ssl );
* \param minor Minor version number (SSL_MINOR_VERSION_0, * \param minor Minor version number (SSL_MINOR_VERSION_0,
* SSL_MINOR_VERSION_1 and SSL_MINOR_VERSION_2, * SSL_MINOR_VERSION_1 and SSL_MINOR_VERSION_2,
* SSL_MINOR_VERSION_3 supported) * SSL_MINOR_VERSION_3 supported)
*
* \note With DTLS, use SSL_MINOR_VERSION_2 for DTLS 1.0 and
* SSL_MINOR_VERSION_3 for DTLS 1.2
*/ */
void ssl_set_max_version( ssl_context *ssl, int major, int minor ); void ssl_set_max_version( ssl_context *ssl, int major, int minor );
@ -1395,6 +1404,9 @@ void ssl_set_max_version( ssl_context *ssl, int major, int minor );
* \param minor Minor version number (SSL_MINOR_VERSION_0, * \param minor Minor version number (SSL_MINOR_VERSION_0,
* SSL_MINOR_VERSION_1 and SSL_MINOR_VERSION_2, * SSL_MINOR_VERSION_1 and SSL_MINOR_VERSION_2,
* SSL_MINOR_VERSION_3 supported) * SSL_MINOR_VERSION_3 supported)
*
* \note With DTLS, use SSL_MINOR_VERSION_2 for DTLS 1.0 and
* SSL_MINOR_VERSION_3 for DTLS 1.2
*/ */
void ssl_set_min_version( ssl_context *ssl, int major, int minor ); void ssl_set_min_version( ssl_context *ssl, int major, int minor );

View File

@ -3600,6 +3600,13 @@ void ssl_set_endpoint( ssl_context *ssl, int endpoint )
void ssl_set_transport( ssl_context *ssl, int transport ) void ssl_set_transport( ssl_context *ssl, int transport )
{ {
ssl->transport = transport; ssl->transport = transport;
/* DTLS starts with TLS1.1 */
if( ssl->min_minor_ver < SSL_MINOR_VERSION_2 )
ssl->min_minor_ver = SSL_MINOR_VERSION_2;
if( ssl->max_minor_ver < SSL_MINOR_VERSION_2 )
ssl->max_minor_ver = SSL_MINOR_VERSION_2;
} }
void ssl_set_authmode( ssl_context *ssl, int authmode ) void ssl_set_authmode( ssl_context *ssl, int authmode )
@ -3964,22 +3971,30 @@ const char *ssl_get_alpn_protocol( const ssl_context *ssl )
void ssl_set_max_version( ssl_context *ssl, int major, int minor ) void ssl_set_max_version( ssl_context *ssl, int major, int minor )
{ {
if( major >= SSL_MIN_MAJOR_VERSION && major <= SSL_MAX_MAJOR_VERSION && if( major < SSL_MIN_MAJOR_VERSION || major > SSL_MAX_MAJOR_VERSION ||
minor >= SSL_MIN_MINOR_VERSION && minor <= SSL_MAX_MINOR_VERSION ) minor < SSL_MIN_MINOR_VERSION || minor > SSL_MAX_MINOR_VERSION ||
( ssl->transport == SSL_TRANSPORT_DATAGRAM &&
minor < SSL_MINOR_VERSION_2 ) )
{ {
return;
}
ssl->max_major_ver = major; ssl->max_major_ver = major;
ssl->max_minor_ver = minor; ssl->max_minor_ver = minor;
}
} }
void ssl_set_min_version( ssl_context *ssl, int major, int minor ) void ssl_set_min_version( ssl_context *ssl, int major, int minor )
{ {
if( major >= SSL_MIN_MAJOR_VERSION && major <= SSL_MAX_MAJOR_VERSION && if( major < SSL_MIN_MAJOR_VERSION || major > SSL_MAX_MAJOR_VERSION ||
minor >= SSL_MIN_MINOR_VERSION && minor <= SSL_MAX_MINOR_VERSION ) minor < SSL_MIN_MINOR_VERSION || minor > SSL_MAX_MINOR_VERSION ||
( ssl->transport == SSL_TRANSPORT_DATAGRAM &&
minor < SSL_MINOR_VERSION_2 ) )
{ {
return;
}
ssl->min_major_ver = major; ssl->min_major_ver = major;
ssl->min_minor_ver = minor; ssl->min_minor_ver = minor;
}
} }
#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH) #if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
@ -4067,6 +4082,23 @@ const char *ssl_get_ciphersuite( const ssl_context *ssl )
const char *ssl_get_version( const ssl_context *ssl ) const char *ssl_get_version( const ssl_context *ssl )
{ {
#if defined(POLARSSL_SSL_PROTO_DTLS)
if( ssl->transport == SSL_TRANSPORT_DATAGRAM )
{
switch( ssl->minor_ver )
{
case SSL_MINOR_VERSION_2:
return( "DTLSv1.0" );
case SSL_MINOR_VERSION_3:
return( "DTLSv1.2" );
default:
return( "unknown (DTLS)" );
}
}
#endif
switch( ssl->minor_ver ) switch( ssl->minor_ver )
{ {
case SSL_MINOR_VERSION_0: case SSL_MINOR_VERSION_0:
@ -4082,9 +4114,8 @@ const char *ssl_get_version( const ssl_context *ssl )
return( "TLSv1.2" ); return( "TLSv1.2" );
default: default:
break;
}
return( "unknown" ); return( "unknown" );
}
} }
#if defined(POLARSSL_X509_CRT_PARSE_C) #if defined(POLARSSL_X509_CRT_PARSE_C)