Implement _getdns_tls_context_set_min_proto_1_2().
Add a flag to the context (so, it's actually got something useful there!) and check the connection version on a successful handshake. This means we need to access the context from a connection, so add a pointer to the context to the connection.
This commit is contained in:
parent
64f0d6aaa8
commit
511dfc75ef
|
@ -34,6 +34,8 @@
|
|||
#ifndef _GETDNS_TLS_INTERNAL_H
|
||||
#define _GETDNS_TLS_INTERNAL_H
|
||||
|
||||
#include <stdbool.h>
|
||||
|
||||
#include <gnutls/gnutls.h>
|
||||
#include <gnutls/crypto.h>
|
||||
|
||||
|
@ -52,13 +54,14 @@
|
|||
|
||||
|
||||
typedef struct _getdns_tls_context {
|
||||
int unused;
|
||||
bool min_proto_1_2;
|
||||
} _getdns_tls_context;
|
||||
|
||||
typedef struct _getdns_tls_connection {
|
||||
gnutls_session_t tls;
|
||||
gnutls_certificate_credentials_t cred;
|
||||
int shutdown;
|
||||
_getdns_tls_context* ctx;
|
||||
} _getdns_tls_connection;
|
||||
|
||||
typedef struct _getdns_tls_session {
|
||||
|
|
|
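Review bot: The new `ctx` member of _getdns_tls_connection in the @ -52 hunk has no comment saying whether the connection owns the context or only refers to it, and the .c side now reads through it after the handshake, so the context has to outlive every connection created from it. The visible hunks set it from the ctx passed to _getdns_tls_connection_new() and never free it, which reads as a non-owning reference, but that is inferred and worth confirming. Suggest `_getdns_tls_context* ctx; /* Not owned; the context must outlive this connection. */` on the field. The new `min_proto_1_2` flag would likewise benefit from `/* Fail the handshake if the negotiated version is below TLS 1.2. */` so the meaning is visible at the declaration rather than only in the handshake code.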
@ -95,6 +95,7 @@ _getdns_tls_context* _getdns_tls_context_new(struct mem_funcs* mfs)
|
|||
if (!(res = GETDNS_MALLOC(*mfs, struct _getdns_tls_context)))
|
||||
return NULL;
|
||||
|
||||
res->min_proto_1_2 = false;
|
||||
return res;
|
||||
}
|
||||
|
||||
|
@ -113,7 +114,9 @@ void _getdns_tls_context_dane_init(_getdns_tls_context* ctx)
|
|||
|
||||
getdns_return_t _getdns_tls_context_set_min_proto_1_2(_getdns_tls_context* ctx)
|
||||
{
|
||||
(void) ctx;
|
||||
if (!ctx)
|
||||
return GETDNS_RETURN_INVALID_PARAMETER;
|
||||
ctx->min_proto_1_2 = true;
|
||||
return GETDNS_RETURN_NOT_IMPLEMENTED;
|
||||
}
|
||||
|
||||
|
@ -157,6 +160,7 @@ _getdns_tls_connection* _getdns_tls_connection_new(struct mem_funcs* mfs, _getdn
|
|||
return NULL;
|
||||
|
||||
res->shutdown = 0;
|
||||
res->ctx = ctx;
|
||||
|
||||
r = gnutls_certificate_allocate_credentials(&res->cred);
|
||||
if (r == GNUTLS_E_SUCCESS)
|
||||
|
@ -270,8 +274,12 @@ getdns_return_t _getdns_tls_connection_do_handshake(_getdns_tls_connection* conn
|
|||
return GETDNS_RETURN_INVALID_PARAMETER;
|
||||
|
||||
r = gnutls_handshake(conn->tls);
|
||||
if (r == GNUTLS_E_SUCCESS)
|
||||
if (r == GNUTLS_E_SUCCESS) {
|
||||
if (conn->ctx->min_proto_1_2 &&
|
||||
gnutls_protocol_get_version(conn->tls) < GNUTLS_TLS1_2)
|
||||
return GETDNS_RETURN_GENERIC_ERROR;
|
||||
return GETDNS_RETURN_GOOD;
|
||||
}
|
||||
else
|
||||
return error_may_want_read_write(conn, r);
|
||||
}
|
||||
|
|
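Review bot: The minimum-version check in the @ -270 hunk runs only after gnutls_handshake() has returned success, so a TLS 1.0 or 1.1 handshake is still completed with the peer and only then rejected with GETDNS_RETURN_GENERIC_ERROR; when ctx->min_proto_1_2 is set it is preferable to also remove the older versions from the session's priority (a `-VERS-TLS1.0:-VERS-TLS1.1` fragment in whatever priority string the connection is configured with, which is outside this hunk), leaving the post-handshake comparison as a last-resort guard rather than the only control. The check also dereferences conn->ctx unconditionally; if _getdns_tls_connection_new() accepts a NULL ctx (its start is outside the @ -157 hunk), `if (conn->ctx && conn->ctx->min_proto_1_2 &&` would avoid a null dereference here. The `<` comparison relies on the ordering of the gnutls_protocol_t enumerators; an explicit comparison against the TLS versions you intend to accept would be clearer, and GNUTLS_VERSION_UNKNOWN is not caught by a less-than test. Relatedly, _getdns_tls_context_set_min_proto_1_2() in the @ -113 hunk now sets the flag but still ends with `return GETDNS_RETURN_NOT_IMPLEMENTED;`, so a caller that checks the result will treat the setting as unsupported even though it is enforced; unless that is deliberate it should `return GETDNS_RETURN_GOOD;`, and the leftover `(void) ctx;` can be dropped. _getdns_tls_connection_do_handshake() begins outside the hunk.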