提交
241520e6
编写于
19年前
作者:
Bodo Möller
More TLS extension related changes.
Submitted by: Peter Sylvester
上级
a13c20f6
变更
9
Showing
9 changed file
with
74 addition
and
43 deletion
+74
-43
CHANGES
CHANGES
+9
-8
apps/s_cb.c
apps/s_cb.c
+16
-1
apps/s_client.c
apps/s_client.c
+1
-1
apps/s_server.c
apps/s_server.c
+10
-9
ssl/s23_clnt.c
ssl/s23_clnt.c
+4
-0
ssl/s3_clnt.c
ssl/s3_clnt.c
+9
-2
ssl/s3_srvr.c
ssl/s3_srvr.c
+11
-6
ssl/t1_lib.c
ssl/t1_lib.c
+8
-13
ssl/tls1.h
ssl/tls1.h
+6
-3
CHANGES
...
...
@@ -26,14 +26,15 @@
- SSL_CTX_set_tlsext_servername_arg()
SSL_CTRL_SET_TLSEXT_HOSTNAME - SSL_set_tlsext_hostname()
openssl s_client has a new '-servername' option.
openssl s_server has new options '-servername', '-cert2', and '-key2'
(subject to change); this allows testing the HostName extension for a
specific single host name ('-cert' and '-key' remain fallbacks for
handshakes without HostName negotiation).
The option servername_warn allows to return a warning alert instead of
a fatal alert in case of servername mismatch.
openssl s_client has a new '-servername ...' option.
openssl s_server has new options '-servername_host ...', '-cert2 ...',
'-key2 ...', '-servername_fatal' (subject to change). This allows
testing the HostName extension for a specific single host name ('-cert'
and '-key' remain fallbacks for handshakes without HostName
negotiation). If the unrecogninzed_name alert has to be sent, this by
default is a warning; it becomes fatal with the '-servername_fatal'
option.
[Peter Sylvester, Remy Allais, Christophe Renou]
...
...
apps/s_cb.c
...
...
@@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
/* ====================================================================
* Copyright (c) 1998-200
1
The OpenSSL Project. All rights reserved.
* Copyright (c) 1998-200
6
The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
...
...
@@ -504,6 +504,21 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *
case
100
:
str_details2
=
" no_renegotiation"
;
break
;
case
110
:
str_details2
=
" unsupported_extension"
;
break
;
case
111
:
str_details2
=
" certificate_unobtainable"
;
break
;
case
112
:
str_details2
=
" unrecognized_name"
;
break
;
case
113
:
str_details2
=
" bad_certificate_status_response"
;
break
;
case
114
:
str_details2
=
" bad_certificate_hash_value"
;
break
;
}
}
}
...
...
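Review bot: The new cases added to msg_cb's alert-description table use bare numbers 110–114, while the t1_lib.c hunk of this same commit refers to one of them by name (`SSL_AD_UNRECOGNIZED_NAME`); writing `case SSL_AD_UNRECOGNIZED_NAME:` here, and the corresponding names for the other four if the header already defines them, keeps this table tied to the single definition instead of a second copy of the numbers. The surrounding cases (e.g. 100 no_renegotiation) use literals too, so this is a point of style rather than a defect. msg_cb begins and ends outside the hunk.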
apps/s_client.c
...
...
@@ -245,7 +245,7 @@ static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg)
else
BIO_printf
(
bio_err
,
"Can't use SSL_get_servername
\n
"
);
return
1
;
return
SSL_TLSEXT_ERR_OK
;
}
#endif
...
...
apps/s_server.c
...
...
@@ -367,7 +367,7 @@ static void sv_usage(void)
BIO_printf
(
bio_err
,
" -rand file%cfile%c...
\n
"
,
LIST_SEPARATOR_CHAR
,
LIST_SEPARATOR_CHAR
);
#ifndef OPENSSL_NO_TLSEXT
BIO_printf
(
bio_err
,
" -servername host - servername for HostName TLS extension
\n
"
);
BIO_printf
(
bio_err
,
" -servername_
warn - on mismatch send warning (default fatal
alert)
\n
"
);
BIO_printf
(
bio_err
,
" -servername_
fatal - on mismatch send fatal alert (default warning
alert)
\n
"
);
BIO_printf
(
bio_err
,
" -cert2 arg - certificate file to use for servername
\n
"
);
BIO_printf
(
bio_err
,
" (default is %s)
\n
"
,
TEST_CERT2
);
BIO_printf
(
bio_err
,
" -key2 arg - Private Key file to use for servername, in cert file if
\n
"
);
...
...
@@ -534,7 +534,7 @@ static int ebcdic_puts(BIO *bp, const char *str)
typedef
struct
tlsextctx_st
{
char
*
servername
;
BIO
*
biodebug
;
int
servername_warn
;
int
extension_error
;
}
tlsextctx
;
...
...
@@ -546,18 +546,19 @@ static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg)
BIO_printf
(
p
->
biodebug
,
"Hostname in TLS extension:
\"
%s
\"\n
"
,
servername
);
if
(
!
p
->
servername
)
return
1
;
return
SSL_TLSEXT_ERR_NOACK
;
if
(
servername
)
{
if
(
strcmp
(
servername
,
p
->
servername
))
return
p
->
servername_warn
;
if
(
ctx2
)
{
return
p
->
extension_error
;
if
(
ctx2
)
{
BIO_printf
(
p
->
biodebug
,
"Swiching server context.
\n
"
);
SSL_set_SSL_CTX
(
s
,
ctx2
);
}
}
return
1
;
return
SSL_TLSEXT_ERR_OK
;
}
#endif
...
...
@@ -597,7 +598,7 @@ int MAIN(int argc, char *argv[])
#endif
#ifndef OPENSSL_NO_TLSEXT
tlsextctx
tlsextcbp
=
{
NULL
,
NULL
,
-
1
};
tlsextctx
tlsextcbp
=
{
NULL
,
NULL
,
SSL_TLSEXT_ERR_ALERT_WARNING
};
#endif
#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
meth
=
SSLv23_server_method
();
...
...
@@ -846,8 +847,8 @@ int MAIN(int argc, char *argv[])
if
(
--
argc
<
1
)
goto
bad
;
tlsextcbp
.
servername
=
*
(
++
argv
);
}
else
if
(
strcmp
(
*
argv
,
"-servername_
warn
"
)
==
0
)
{
tlsextcbp
.
servername_warn
=
0
;
}
else
if
(
strcmp
(
*
argv
,
"-servername_
fatal
"
)
==
0
)
{
tlsextcbp
.
extension_error
=
SSL_TLSEXT_ERR_ALERT_FATAL
;
}
else
if
(
strcmp
(
*
argv
,
"-cert2"
)
==
0
)
{
if
(
--
argc
<
1
)
goto
bad
;
...
...
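Review bot: In ssl_servername_cb the mismatch test `if (strcmp(servername, p->servername))` is case-sensitive, but DNS host names are not, so a client sending `Example.com` against `-servername example.com` gets the unrecognized_name alert (warning by default, fatal with `-servername_fatal`) and never reaches the `SSL_set_SSL_CTX(s, ctx2)` switch; `if (strcasecmp(servername, p->servername))` (or whichever case-insensitive compare the apps already use portably) matches the intent of a host-name test tool. Note that on a mismatch with the default warning the handshake still completes with the `-cert`/`-key` context, which the usage text should state explicitly, since a warning alert is easy to miss. The debug string `"Swiching server context.\n"` has a typo (`Switching`). The usage hunk documents `-servername host` while the CHANGES entry calls the option `-servername_host ...`; the strcmp for that option sits just before the argument-parsing hunk, so please verify the two agree. ssl_servername_cb and MAIN both extend beyond the hunks.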
ssl/s23_clnt.c
...
...
@@ -565,6 +565,7 @@ static int ssl23_get_server_hello(SSL *s)
(
p
[
5
]
==
SSL3_MT_SERVER_HELLO
))
{
/* we have sslv3 or tls1 */
have_sslv3_or_tls1:
if
(
!
ssl_init_wbio_buffer
(
s
,
1
))
goto
err
;
...
...
@@ -623,6 +624,9 @@ static int ssl23_get_server_hello(SSL *s)
cb
(
s
,
SSL_CB_READ_ALERT
,
j
);
}
if
(
p
[
5
]
==
SSL3_AL_WARNING
)
goto
have_sslv3_or_tls1
;
s
->
rwstate
=
SSL_NOTHING
;
SSLerr
(
SSL_F_SSL23_GET_SERVER_HELLO
,
SSL_AD_REASON_OFFSET
+
p
[
6
]);
goto
err
;
...
...
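Review bot: The new `if (p[5] == SSL3_AL_WARNING) goto have_sslv3_or_tls1;` continues past every warning-level alert received in place of the ServerHello, including close_notify (description 0), which a peer sends to end the connection; `if (p[5] == SSL3_AL_WARNING && p[6] != SSL3_AD_CLOSE_NOTIFY) goto have_sslv3_or_tls1;` keeps the tolerance for the unrecognized_name warning this commit introduces on the server side while still failing cleanly on a close. The jump lands on code that copies the 7 bytes already read into the SSLv3/TLS record buffer and hands the alert record to the SSLv3/TLS connect path — that code is outside the hunk, so I assume the record layer then consumes the warning before looking for the ServerHello; a comment at the label would save the next reader that inference, e.g. `/* a warning alert (e.g. unrecognized_name) may precede the ServerHello; hand it to the SSL3/TLS record layer */`. ssl23_get_server_hello starts and ends outside the hunk.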
ssl/s3_clnt.c
...
...
@@ -258,12 +258,19 @@ int ssl3_connect(SSL *s)
#ifndef OPENSSL_NO_TLSEXT
{
int
al
;
if
(
ssl_check_tlsext
(
s
,
&
al
)
<=
0
)
switch
(
ssl_check_tlsext
(
s
,
&
al
)
)
{
ssl3_send_alert
(
s
,
SSL3_AL_FATAL
,
al
);
/* XXX does this *have* to be fatal? */
case
SSL_TLSEXT_ERR_ALERT_FATAL
:
ssl3_send_alert
(
s
,
SSL3_AL_FATAL
,
al
);
SSLerr
(
SSL_F_SSL3_CONNECT
,
SSL_R_SERVERHELLO_TLS_EXT
);
ret
=
-
1
;
goto
end
;
case
SSL_TLSEXT_ERR_ALERT_WARNING
:
ssl3_send_alert
(
s
,
SSL3_AL_WARNING
,
al
);
default:
;
}
}
#endif
...
...
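Review bot: In the new switch on ssl_check_tlsext the `SSL_TLSEXT_ERR_ALERT_WARNING` case sends the warning alert and then drops into `default:` without a `break;` or a `/* fall through */` marker; since the default branch is empty the behaviour is right, but a `break;` after `ssl3_send_alert(s, SSL3_AL_WARNING, al);` makes that explicit and keeps the case from silently running into anything added to `default:` later. A one-line comment above the switch noting that `al` is preset by ssl_check_tlsext before the callback runs (the t1_lib.c hunk initialises it to unrecognized_name) would help readers who only see this block. ssl3_connect continues outside the hunk.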
ssl/s3_srvr.c
...
...
@@ -283,16 +283,21 @@ int ssl3_accept(SSL *s)
if
(
ret
<=
0
)
goto
end
;
#ifndef OPENSSL_NO_TLSEXT
{
int
al
,
warn
;
warn
=
ssl_check_tlsext
(
s
,
&
al
);
if
(
warn
==
0
)
ssl3_send_alert
(
s
,
SSL3_AL_WARNING
,
al
);
else
if
(
warn
<
0
)
{
int
al
;
switch
(
ssl_check_tlsext
(
s
,
&
al
))
{
case
SSL_TLSEXT_ERR_ALERT_FATAL
:
ssl3_send_alert
(
s
,
SSL3_AL_FATAL
,
al
);
SSLerr
(
SSL_F_SSL3_ACCEPT
,
SSL_R_CLIENTHELLO_TLS_EXT
);
ret
=
-
1
;
goto
end
;
}
case
SSL_TLSEXT_ERR_ALERT_WARNING
:
ssl3_send_alert
(
s
,
SSL3_AL_WARNING
,
al
);
default:
break
;
}
}
#endif
s
->
new_session
=
2
;
...
...
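Review bot: The `SSL_TLSEXT_ERR_ALERT_WARNING` case in ssl3_accept falls through into `default: break;` after sending the warning alert; add `break;` (or a `/* fall through */` comment) after `ssl3_send_alert(s, SSL3_AL_WARNING, al);` so the intent is explicit. This warning alert is sent before the ServerHello, and a client that treats any pre-ServerHello alert as fatal — as this library's own ssl23 client did before the s23_clnt.c hunk in this commit — will abort the handshake; a short comment here recording that the warning path only interoperates with clients that tolerate a leading warning alert would spare the next reader that discovery. ssl3_accept begins and ends outside the hunk.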
ssl/t1_lib.c
...
...
@@ -389,22 +389,17 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
int
ssl_check_tlsext
(
SSL
*
s
,
int
*
al
)
{
int
ret
;
int
ret
=
SSL_TLSEXT_ERR_NOACK
;
*
al
=
SSL_AD_UNRECOGNIZED_NAME
;
if
(
s
->
ctx
!=
NULL
&&
s
->
ctx
->
tlsext_servername_callback
!=
0
)
{
if
(
s
->
ctx
!=
NULL
&&
s
->
ctx
->
tlsext_servername_callback
!=
0
)
ret
=
s
->
ctx
->
tlsext_servername_callback
(
s
,
al
,
s
->
ctx
->
tlsext_servername_arg
);
if
(
ret
<=
0
)
return
ret
;
}
else
if
(
s
->
initial_ctx
!=
NULL
&&
s
->
initial_ctx
->
tlsext_servername_callback
!=
0
)
{
else
if
(
s
->
initial_ctx
!=
NULL
&&
s
->
initial_ctx
->
tlsext_servername_callback
!=
0
)
ret
=
s
->
initial_ctx
->
tlsext_servername_callback
(
s
,
al
,
s
->
initial_ctx
->
tlsext_servername_arg
);
if
(
ret
<=
0
)
return
ret
;
}
return
1
;
if
(
ret
==
SSL_TLSEXT_ERR_NOACK
)
s
->
servername_done
=
0
;
return
ret
;
}
#endif
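Review bot: ssl_check_tlsext now has a four-valued contract but no comment describing it; a header comment should say that it runs the servername callback of s->ctx, else that of s->initial_ctx, that `*al` is preset to `SSL_AD_UNRECOGNIZED_NAME` so a callback only needs to override it, that the return is one of the `SSL_TLSEXT_ERR_*` codes, and that `SSL_TLSEXT_ERR_NOACK` (also the result when no callback is set) clears `s->servername_done`. A callback return value outside the four defined codes is passed straight through and lands in the callers' `default:` branches in s3_clnt.c and s3_srvr.c, i.e. is treated as success; if that is not intended, normalise unknown values to `SSL_TLSEXT_ERR_ALERT_FATAL` here rather than in each caller. Whether an ALERT_WARNING result still leads to the server acknowledging the extension depends on code outside this hunk, since servername_done is only cleared for NOACK.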
ssl/tls1.h
...
...
@@ -180,12 +180,15 @@ SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,(char *)name)
#define SSL_CTX_set_tlsext_servername_callback(ctx, cb) \
SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_CB,(void (*)(void))cb)
#define SSL_TLSEXT_ERR_OK 0
#define SSL_TLSEXT_ERR_ALERT_WARNING 1
#define SSL_TLSEXT_ERR_ALERT_FATAL 2
#define SSL_TLSEXT_ERR_NOACK 3
#define SSL_CTX_set_tlsext_servername_arg(ctx, arg) \
SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0, (void *)arg)
#define SSL_set_tlsext_servername_done(s,t) \
SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_SERVERNAME_DONE,t, NULL)
#endif
...
...
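Review bot: `SSL_TLSEXT_ERR_ALERT_WARNING` is defined as 1, which is exactly the value the servername callbacks returned for success under the previous convention (the s_client.c and s_server.c hunks in this commit replace `return 1;` with `return SSL_TLSEXT_ERR_OK;`); any out-of-tree callback still written against the old convention will now trigger a warning unrecognized_name alert on every handshake instead of succeeding. If the numbering is to stay, say so next to the defines: `/* servername callback return codes: 0 is success (callbacks that used to return 1 must be updated) */`. A short comment on `SSL_set_tlsext_servername_done` stating what a value of 0 means — from the t1_lib.c hunk it appears to control whether the server acknowledges the extension, but that code is not visible here — would also help.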