Support setting enabled TLS versions in mod_sofia
Previously, if tls-version was set to tlsv1 we supported only TLSv1, but if it was set to sslv23 we supported all versions of TLS. This was weird, incorrectly documented behavior that we hope no one was relying on. Now tls-version accepts a comma-separated list of the TLS/SSL versions that we would like to support. FS-5839 --resolve
parent
7f772b2601
commit
3a753f1de2
|
@ -438,6 +438,14 @@ typedef enum {
|
||||||
SOFIA_TRANSPORT_SCTP
|
SOFIA_TRANSPORT_SCTP
|
||||||
} sofia_transport_t;
|
} sofia_transport_t;
|
||||||
|
|
||||||
|
typedef enum {
|
||||||
|
SOFIA_TLS_VERSION_SSLv2 = (1 << 0),
|
||||||
|
SOFIA_TLS_VERSION_SSLv3 = (1 << 1),
|
||||||
|
SOFIA_TLS_VERSION_TLSv1 = (1 << 2),
|
||||||
|
SOFIA_TLS_VERSION_TLSv1_1 = (1 << 3),
|
||||||
|
SOFIA_TLS_VERSION_TLSv1_2 = (1 << 4),
|
||||||
|
} sofia_tls_version_t;
|
||||||
|
|
||||||
typedef enum {
|
typedef enum {
|
||||||
SOFIA_GATEWAY_DOWN,
|
SOFIA_GATEWAY_DOWN,
|
||||||
SOFIA_GATEWAY_UP,
|
SOFIA_GATEWAY_UP,
|
||||||
|
|
|
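Review bot: The new `sofia_tls_version_t` carries no comment saying that its values are bit flags meant to be OR-ed into a single mask, which is how the `tls-version` parser in the other hunk uses them. I would add `/* Bit flags; OR together to form the set of enabled SSL/TLS protocol versions. */` above the `typedef enum`. Since SSLv2 and SSLv3 are long-deprecated protocols, a short `/* legacy, deprecated protocol */` remark on those two enumerators would also keep anyone from treating them as a sensible default.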
@ -4579,11 +4579,26 @@ switch_status_t config_sofia(sofia_config_t reload, char *profile_name)
|
||||||
} else if (!strcasecmp(var, "tls-verify-in-subjects")) {
|
} else if (!strcasecmp(var, "tls-verify-in-subjects")) {
|
||||||
profile->tls_verify_in_subjects_str = switch_core_strdup(profile->pool, val);
|
profile->tls_verify_in_subjects_str = switch_core_strdup(profile->pool, val);
|
||||||
} else if (!strcasecmp(var, "tls-version")) {
|
} else if (!strcasecmp(var, "tls-version")) {
|
||||||
|
char *ps = val, *pe;
|
||||||
if (!strcasecmp(val, "tlsv1")) {
|
while (1) {
|
||||||
profile->tls_version = 1;
|
int n;
|
||||||
} else {
|
pe = strchr(ps,',');
|
||||||
profile->tls_version = 0;
|
if (!pe && !(pe = memchr(ps,0,1024))) break;
|
||||||
|
n = pe-ps;
|
||||||
|
if (n==5 && !strncasecmp(ps, "sslv2", n))
|
||||||
|
profile->tls_version |= SOFIA_TLS_VERSION_SSLv2;
|
||||||
|
if (n==5 && !strncasecmp(ps, "sslv3", n))
|
||||||
|
profile->tls_version |= SOFIA_TLS_VERSION_SSLv3;
|
||||||
|
if (n==6 && !strncasecmp(ps, "sslv23", n))
|
||||||
|
profile->tls_version |= SOFIA_TLS_VERSION_SSLv2 | SOFIA_TLS_VERSION_SSLv3;
|
||||||
|
if (n==5 && !strncasecmp(ps, "tlsv1", n))
|
||||||
|
profile->tls_version |= SOFIA_TLS_VERSION_TLSv1;
|
||||||
|
if (n==7 && !strncasecmp(ps, "tlsv1.1", n))
|
||||||
|
profile->tls_version |= SOFIA_TLS_VERSION_TLSv1_1;
|
||||||
|
if (n==7 && !strncasecmp(ps, "tlsv1.2", n))
|
||||||
|
profile->tls_version |= SOFIA_TLS_VERSION_TLSv1_2;
|
||||||
|
ps=pe+1;
|
||||||
|
if (!*pe) break;
|
||||||
}
|
}
|
||||||
} else if (!strcasecmp(var, "tls-timeout")) {
|
} else if (!strcasecmp(var, "tls-timeout")) {
|
||||||
int v = atoi(val);
|
int v = atoi(val);
|
||||||
|
|
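Review bot: The `tls-version` branch only ORs bits into `profile->tls_version` and never clears it first, so any value already in the field (a default assigned outside this hunk, or the previous setting if the profile struct is reused on reload) stays enabled next to the configured list; `profile->tls_version = 0;` before the `while (1)` would make the list authoritative. Tokens that match none of the six names are skipped silently, including a typo or a space after the comma as in `tlsv1.1, tlsv1.2`, so an operator who meant to restrict protocol versions gets no signal; a warning log for each unmatched token would surface that. `sslv23` now sets only the SSLv2 and SSLv3 bits, so a profile that still carries that value from the old "all versions" meaning would, if the mask is applied as written, end up without any TLS version enabled, which seems worth a log line or an upgrade note. `config_sofia` begins and ends outside the hunk, so the field's initial value is not visible here.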