generic-library/poco
1
0
Fork 0
mirror of https://github.com/pocoproject/poco.git synced 2025-10-13 22:50:17 +02:00
Code Issues Projects Releases Wiki Activity

enabled TLSv1.1 and 1.2 support in configuration

Browse Source
This commit is contained in:
Guenter Obiltschnig
2014-09-02 18:54:12 +02:00
parent 3f1e2c002a
commit 1a81dbef15
2 changed files with 34 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
NetSSL_OpenSSL/include/Poco/Net/SSLManager.h
View File

@@ -92,6 +92,8 @@ class NetSSL_API SSLManager
/// <sessionTimeout>0..n</sessionTimeout> <!-- server only --> /// <sessionTimeout>0..n</sessionTimeout> <!-- server only -->
/// <extendedVerification>true|false</extendedVerification> /// <extendedVerification>true|false</extendedVerification>
/// <requireTLSv1>true|false</requireTLSv1> /// <requireTLSv1>true|false</requireTLSv1>
/// <requireTLSv1_1>true|false</requireTLSv1_1>
/// <requireTLSv1_2>true|false</requireTLSv1_2>
/// </server|client> /// </server|client>
/// <fips>false</fips> /// <fips>false</fips>
/// </openSSL> /// </openSSL>
@@ -133,6 +135,8 @@ class NetSSL_API SSLManager
/// - extendedVerification (boolean): Enable or disable the automatic post-connection /// - extendedVerification (boolean): Enable or disable the automatic post-connection
/// extended certificate verification. /// extended certificate verification.
/// - requireTLSv1 (boolean): Require a TLSv1 connection. /// - requireTLSv1 (boolean): Require a TLSv1 connection.
/// - requireTLSv1_1 (boolean): Require a TLSv1.1 connection.
/// - requireTLSv1_2 (boolean): Require a TLSv1.2 connection.
/// - fips: Enable or disable OpenSSL FIPS mode. Only supported if the OpenSSL version /// - fips: Enable or disable OpenSSL FIPS mode. Only supported if the OpenSSL version
/// that this library is built against supports FIPS mode. /// that this library is built against supports FIPS mode.
{ {
@@ -313,6 +317,8 @@ private:
static const std::string CFG_SESSION_TIMEOUT; static const std::string CFG_SESSION_TIMEOUT;
static const std::string CFG_EXTENDED_VERIFICATION; static const std::string CFG_EXTENDED_VERIFICATION;
static const std::string CFG_REQUIRE_TLSV1; static const std::string CFG_REQUIRE_TLSV1;
static const std::string CFG_REQUIRE_TLSV1_1;
static const std::string CFG_REQUIRE_TLSV1_2;
#ifdef OPENSSL_FIPS #ifdef OPENSSL_FIPS
static const std::string CFG_FIPS_MODE; static const std::string CFG_FIPS_MODE;

30
NetSSL_OpenSSL/src/SSLManager.cpp
View File

@@ -54,6 +54,8 @@ const std::string SSLManager::CFG_SESSION_CACHE_SIZE("sessionCacheSize");
const std::string SSLManager::CFG_SESSION_TIMEOUT("sessionTimeout"); const std::string SSLManager::CFG_SESSION_TIMEOUT("sessionTimeout");
const std::string SSLManager::CFG_EXTENDED_VERIFICATION("extendedVerification"); const std::string SSLManager::CFG_EXTENDED_VERIFICATION("extendedVerification");
const std::string SSLManager::CFG_REQUIRE_TLSV1("requireTLSv1"); const std::string SSLManager::CFG_REQUIRE_TLSV1("requireTLSv1");
const std::string SSLManager::CFG_REQUIRE_TLSV1_1("requireTLSv1_1");
const std::string SSLManager::CFG_REQUIRE_TLSV1_2("requireTLSv1_2");
#ifdef OPENSSL_FIPS #ifdef OPENSSL_FIPS
const std::string SSLManager::CFG_FIPS_MODE("openSSL.fips"); const std::string SSLManager::CFG_FIPS_MODE("openSSL.fips");
const bool SSLManager::VAL_FIPS_MODE(false); const bool SSLManager::VAL_FIPS_MODE(false);
@@ -251,10 +253,34 @@ void SSLManager::initDefaultContext(bool server)
std::string cipherList = config.getString(prefix + CFG_CIPHER_LIST, VAL_CIPHER_LIST); std::string cipherList = config.getString(prefix + CFG_CIPHER_LIST, VAL_CIPHER_LIST);
cipherList = config.getString(prefix + CFG_CYPHER_LIST, cipherList); // for backwards compatibility cipherList = config.getString(prefix + CFG_CYPHER_LIST, cipherList); // for backwards compatibility
bool requireTLSv1 = config.getBool(prefix + CFG_REQUIRE_TLSV1, false); bool requireTLSv1 = config.getBool(prefix + CFG_REQUIRE_TLSV1, false);
bool requireTLSv1_1 = config.getBool(prefix + CFG_REQUIRE_TLSV1_1, false);
bool requireTLSv1_2 = config.getBool(prefix + CFG_REQUIRE_TLSV1_2, false);
Context::Usage usage;
if (server) if (server)
_ptrDefaultServerContext = new Context(requireTLSv1 ? Context::TLSV1_SERVER_USE : Context::SERVER_USE, privKeyFile, certFile, caLocation, verMode, verDepth, loadDefCA, cipherList); {
if (requireTLSv1_2)
usage = Context::TLSV1_2_SERVER_USE;
else if (requireTLSv1_1)
usage = Context::TLSV1_1_SERVER_USE;
else if (requireTLSv1)
usage = Context::TLSV1_SERVER_USE;
else
usage = Context::SERVER_USE;
}
else else
_ptrDefaultClientContext = new Context(requireTLSv1 ? Context::TLSV1_CLIENT_USE : Context::CLIENT_USE, privKeyFile, certFile, caLocation, verMode, verDepth, loadDefCA, cipherList); {
if (requireTLSv1_2)
usage = Context::TLSV1_2_CLIENT_USE;
else if (requireTLSv1_1)
usage = Context::TLSV1_1_CLIENT_USE;
else if (requireTLSv1)
usage = Context::TLSV1_CLIENT_USE;
else
usage = Context::CLIENT_USE;
}
_ptrDefaultClientContext = new Context(usage, privKeyFile, certFile, caLocation, verMode, verDepth, loadDefCA, cipherList);
bool cacheSessions = config.getBool(prefix + CFG_CACHE_SESSIONS, false); bool cacheSessions = config.getBool(prefix + CFG_CACHE_SESSIONS, false);
if (server) if (server)