From 924c47dd50a7b74136b8a60e9ea8d347ff65425b Mon Sep 17 00:00:00 2001 From: Eduardo Chappa Date: Sat, 29 Sep 2018 22:59:37 -0600 Subject: * Add the /tls1_3 modifier to establish connections use the TLS protocol version 1.3. --- imap/src/osdep/unix/ssl_unix.c | 67 +++++++++++++++++++++++++++++++----------- 1 file changed, 50 insertions(+), 17 deletions(-) (limited to 'imap/src/osdep/unix') diff --git a/imap/src/osdep/unix/ssl_unix.c b/imap/src/osdep/unix/ssl_unix.c index 4c4d6ef8..ffd37775 100644 --- a/imap/src/osdep/unix/ssl_unix.c +++ b/imap/src/osdep/unix/ssl_unix.c @@ -36,15 +36,30 @@ #ifdef OPENSSL_1_1_0 #include #include +#ifdef TLSv1_client_method +#undef TLSv1_client_method +#endif /* TLSv1_client_method */ #ifdef TLSv1_1_client_method #undef TLSv1_1_client_method #endif /* TLSv1_1_client_method */ #ifdef TLSv1_2_client_method #undef TLSv1_2_client_method #endif /* TLSv1_2_client_method */ +#ifdef DTLSv1_client_method +#undef DTLSv1_client_method +#endif /* DTLSv1_client_method */ +#ifdef DTLSv1_2_client_method +#undef DTLSv1_2_client_method +#endif /* DTLSv1_2_client_method */ +#define TLSv1_client_method TLS_client_method #define TLSv1_1_client_method TLS_client_method #define TLSv1_2_client_method TLS_client_method +#define DTLSv1_client_method DTLS_client_method +#define DTLSv1_2_client_method DTLS_client_method #endif /* OPENSSL_1_1_0 */ +#ifndef DTLSv1_2_client_method +#define DTLSv1_2_client_method DTLSv1_client_method +#endif /* DTLSv1_2_client_method */ #undef STRING #undef crypt @@ -186,26 +201,44 @@ SSLSTREAM *ssl_aopen (NETMBX *mb,char *service,char *usrbuf) */ const SSL_METHOD *ssl_connect_mthd(int flag) { -#ifdef OPENSSL_1_1_0 - if(flag & NET_TRYTLS1) - return TLS_client_method(); + if (flag & NET_TRYTLS1) +#ifndef OPENSSL_NO_TLS1_METHOD + return TLSv1_client_method(); #else - if(flag & NET_TRYTLS1) - return TLSv1_client_method(); -#endif /* OPENSSL_1_1_0 */ -#ifdef TLSV1_2 - else if(flag & NET_TRYTLS1_1) - return TLSv1_1_client_method(); - else if(flag & NET_TRYTLS1_2) - return TLSv1_2_client_method(); -#endif /* TLSV1_2 */ -#ifdef OPENSSL_1_1_0 - else if(flag & NET_TRYDTLS1) - return DTLS_client_method(); + return TLS_client_method(); +#endif /* OPENSSL_NO_TLS1_METHOD */ + + else if(flag & NET_TRYTLS1_1) +#ifndef OPENSSL_NO_TLS1_1_METHOD + return TLSv1_1_client_method(); +#else + return TLS_client_method(); +#endif /* OPENSSL_NO_TLS1_1_METHOD */ + + else if(flag & NET_TRYTLS1_2) +#ifndef OPENSSL_NO_TLS1_2_METHOD + return TLSv1_2_client_method(); #else + return TLS_client_method(); +#endif /* OPENSSL_NO_TLS1_2_METHOD */ + + else if(flag & NET_TRYTLS1_3) + return TLS_client_method(); + else if(flag & NET_TRYDTLS1) - return DTLSv1_client_method(); -#endif /* OPENSSL_1_1_0 */ +#ifndef OPENSSL_NO_DTLS1_METHOD + return DTLSv1_client_method(); +#else + return DTLS_client_method(); +#endif /* OPENSSL_NO_DTLS1_METHOD */ + + else if(flag & NET_TRYDTLS1_2) +#ifndef OPENSSL_NO_DTLS1_METHOD + return DTLSv1_2_client_method(); +#else + return DTLS_client_method(); +#endif /* OPENSSL_NO_DTLS1_METHOD */ + else return SSLv23_client_method(); } -- cgit v1.2.3-70-g09d2