mirror of
https://github.com/libp2p/go-openssl.git
synced 2025-04-23 17:40:31 +08:00
Added basic support for TLS 1.3
This commit is contained in:
Geoffrey Casper
Geo25rey
parent
6f65c2c3af
commit
396f700b81
32
ctx.go
32
ctx.go
@ -95,7 +95,7 @@ func NewCtxWithVersion(version SSLVersion) (*Ctx, error) {
|
||||
case TLSv1_2:
|
||||
method = C.X_TLSv1_2_method()
|
||||
case AnyVersion:
|
||||
method = C.X_SSLv23_method()
|
||||
method = C.X_TLS_method()
|
||||
}
|
||||
if method == nil {
|
||||
return nil, errors.New("unknown ssl/tls version")
|
||||
@ -361,6 +361,36 @@ func (c *Ctx) LoadVerifyLocations(ca_file string, ca_path string) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
type Version int
|
||||
|
||||
const (
|
||||
SSL3_VERSION Version = C.SSL3_VERSION
|
||||
TLS1_VERSION Version = C.TLS1_VERSION
|
||||
TLS1_1_VERSION Version = C.TLS1_1_VERSION
|
||||
TLS1_2_VERSION Version = C.TLS1_2_VERSION
|
||||
TLS1_3_VERSION Version = C.TLS1_3_VERSION
|
||||
DTLS1_VERSION Version = C.DTLS1_VERSION
|
||||
DTLS1_2_VERSION Version = C.DTLS1_2_VERSION
|
||||
)
|
||||
|
||||
func (c *Ctx) SetMinProtoVersion(version Version) bool {
|
||||
return C.X_SSL_CTX_set_min_proto_version(
|
||||
c.ctx, C.int(version)) == 1
|
||||
}
|
||||
|
||||
func (c *Ctx) SetMaxProtoVersion(version Version) bool {
|
||||
return C.X_SSL_CTX_set_max_proto_version(
|
||||
c.ctx, C.int(version)) == 1
|
||||
}
|
||||
|
||||
func (c *Ctx) GetMinProtoVersion() Version {
|
||||
return Version(C.X_SSL_CTX_get_min_proto_version(c.ctx))
|
||||
}
|
||||
|
||||
func (c *Ctx) GetMaxProtoVersion() Version {
|
||||
return Version(C.X_SSL_CTX_get_max_proto_version(c.ctx))
|
||||
}
|
||||
|
||||
type Options int
|
||||
|
||||
const (
|
||||
|
||||
25
ctx_test.go
25
ctx_test.go
@ -46,3 +46,28 @@ func TestCtxSessCacheSizeOption(t *testing.T) {
|
||||
t.Error("SessSetCacheSize() does not save anything to ctx")
|
||||
}
|
||||
}
|
||||
|
||||
func TestCtxMinProtoVersion(t *testing.T) {
|
||||
ctx, _ := NewCtx()
|
||||
set_success := ctx.SetMinProtoVersion(TLS1_3_VERSION)
|
||||
if !set_success {
|
||||
t.Error("SetMinProtoVersion() does not return true")
|
||||
}
|
||||
get_version := ctx.GetMinProtoVersion()
|
||||
if (get_version & TLS1_3_VERSION) != TLS1_3_VERSION {
|
||||
t.Error("GetMinProtoVersion() does not return TLS1_3_VERSION")
|
||||
}
|
||||
}
|
||||
|
||||
func TestCtxMaxProtoVersion(t *testing.T) {
|
||||
ctx, _ := NewCtx()
|
||||
set_success := ctx.SetMaxProtoVersion(TLS1_3_VERSION)
|
||||
if !set_success {
|
||||
t.Error("SetMaxProtoVersion() does not return true")
|
||||
}
|
||||
get_version := ctx.GetMaxProtoVersion()
|
||||
if (get_version & TLS1_3_VERSION) != TLS1_3_VERSION {
|
||||
t.Error("GetMaxProtoVersion() does not return TLS1_3_VERSION")
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
20
shim.c
20
shim.c
@ -471,10 +471,30 @@ const SSL_METHOD *X_TLSv1_2_method() {
|
||||
#endif
|
||||
}
|
||||
|
||||
const SSL_METHOD *X_TLS_method() {
|
||||
return TLS_method();
|
||||
}
|
||||
|
||||
int X_SSL_CTX_new_index() {
|
||||
return SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, NULL);
|
||||
}
|
||||
|
||||
int X_SSL_CTX_set_min_proto_version(SSL_CTX *ctx, int version) {
|
||||
return SSL_CTX_set_min_proto_version(ctx, version);
|
||||
}
|
||||
|
||||
int X_SSL_CTX_set_max_proto_version(SSL_CTX *ctx, int version) {
|
||||
return SSL_CTX_set_max_proto_version(ctx, version);
|
||||
}
|
||||
|
||||
int X_SSL_CTX_get_min_proto_version(SSL_CTX *ctx) {
|
||||
return SSL_CTX_get_min_proto_version(ctx);
|
||||
}
|
||||
|
||||
int X_SSL_CTX_get_max_proto_version(SSL_CTX *ctx) {
|
||||
return SSL_CTX_get_max_proto_version(ctx);
|
||||
}
|
||||
|
||||
long X_SSL_CTX_set_options(SSL_CTX* ctx, long options) {
|
||||
return SSL_CTX_set_options(ctx, options);
|
||||
}
|
||||
|
||||
7
shim.h
7
shim.h
@ -59,6 +59,7 @@ extern const SSL_METHOD *X_SSLv3_method();
|
||||
extern const SSL_METHOD *X_TLSv1_method();
|
||||
extern const SSL_METHOD *X_TLSv1_1_method();
|
||||
extern const SSL_METHOD *X_TLSv1_2_method();
|
||||
extern const SSL_METHOD *X_TLS_method();
|
||||
|
||||
#if defined SSL_CTRL_SET_TLSEXT_HOSTNAME
|
||||
extern int sni_cb(SSL *ssl_conn, int *ad, void *arg);
|
||||
@ -92,6 +93,10 @@ extern int X_SSL_CTX_ticket_key_cb(SSL *s, unsigned char key_name[16],
|
||||
EVP_CIPHER_CTX *cctx, HMAC_CTX *hctx, int enc);
|
||||
extern int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
|
||||
unsigned int protos_len);
|
||||
extern int X_SSL_CTX_set_min_proto_version(SSL_CTX *ctx, int version);
|
||||
extern int X_SSL_CTX_set_max_proto_version(SSL_CTX *ctx, int version);
|
||||
extern int X_SSL_CTX_get_min_proto_version(SSL_CTX *ctx);
|
||||
extern int X_SSL_CTX_get_max_proto_version(SSL_CTX *ctx);
|
||||
|
||||
/* BIO methods */
|
||||
extern int X_BIO_get_flags(BIO *b);
|
||||
@ -179,4 +184,4 @@ extern int OBJ_create(const char *oid,const char *sn,const char *ln);
|
||||
|
||||
/* Extension helper method */
|
||||
extern const unsigned char * get_extention(X509 *x, int NID, int *data_len);
|
||||
extern int add_custom_ext(X509 *cert, int nid, char *value, int len);
|
||||
extern int add_custom_ext(X509 *cert, int nid, char *value, int len);
|
||||
|
||||
Loading…
Reference in New Issue
Block a user