$NetBSD: patch-ac,v 1.5 2021/04/13 10:26:57 nia Exp $ * Include sys/filio.h for FIONBIO etc. * Drop SSLv2 support * Add TLSv1 support --- lhs.c.orig 2001-02-27 17:37:10.000000000 +0000 +++ lhs.c @@ -25,6 +25,9 @@ #include #endif #include "lhs.h" +#if defined (__sun) +#include +#endif #define debug(x...) { if (verbose) printf(x); } @@ -467,12 +470,10 @@ int init_ssl() SSL_load_error_strings(); SSLeay_add_ssl_algorithms(); - if (ssl_protocol == SSL2_VERSION) - ctx = SSL_CTX_new(SSLv2_method()); - else { - ctx = SSL_CTX_new(SSLv23_method()); - SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2); - } + ctx = SSL_CTX_new(SSLv23_method()); + SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2); + if (ssl_protocol == TLS1_VERSION) + SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3); if (!ctx) { fprintf(stderr, "SSL_CTX_new failed.\n"); return 0; @@ -511,13 +512,13 @@ SSL *init_ssl_socket(int sock) return NULL; } // SSL_set_session_id_context(ssl,AppContext,sizeof(AppContext)); - switch(ssl->session->ssl_version) { - case SSL2_VERSION: - debug("ssl2\n"); - break; + switch(SSL_SESSION_get_protocol_version(SSL_get_session(ssl))) { case SSL3_VERSION: debug("ssl3\n"); break; + case TLS1_VERSION: + debug("tls3\n"); + break; default: debug("nieznany standard szyfrowania\n"); } @@ -536,14 +537,14 @@ SSL *init_ssl_socket(int sock) return ssl; } -inline int my_read(int fd, char *buf, int size, void *ssl) +int my_read(int fd, char *buf, int size, void *ssl) { return (!ssl) ? read(fd, buf, size) : SSL_read((SSL*) ssl, buf, size); } -inline int my_write(int fd, char *buf, int size, void *ssl) +int my_write(int fd, char *buf, int size, void *ssl) { int res, one; @@ -592,7 +593,7 @@ void usage(char *a0) " -s version set SSL protocol version (default: SSLv2)\n" " -c filename load certificate file (default: lhs.pem)\n" #endif -" -r path set server's root directory (default: /home/httpd/html)\n" +" -r path set server's root directory (default: " DEFAULT_ROOT_DIR ")\n" " -u user switch to other user after startup\n" " -g group change gid to other than user's\n" " -m socks set number of sockets (default: 50, min: 3)\n" @@ -633,8 +634,8 @@ int main(int argc, char **argv) cert_file = optarg; break; case 's': - if (!strcasecmp(optarg, "ssl2") || !strcasecmp(optarg, "sslv2")) - ssl_protocol = SSL2_VERSION; + if (!strcasecmp(optarg, "tls1") || !strcasecmp(optarg, "tls1")) + ssl_protocol = TLS1_VERSION; else if (!strcasecmp(optarg, "ssl3") || !strcasecmp(optarg, "sslv3")) ssl_protocol = SSL3_VERSION; else {