Skip Menu |
 

This queue is for tickets about the Net-SSLeay CPAN distribution.

Report information
The Basics
Id: 123804
Status: resolved
Priority: 0/
Queue: Net-SSLeay

People
Owner: MIKEM [...] cpan.org
Requestors: hvn [...] open.com.au
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: 1.83

Attachments


Subject: Patch: Add support SSL_CTX_set_min_proto_version, more SSL methods and TLS 1.3 constants
Date: Fri, 1 Dec 2017 19:55:31 +0200
To: bug-Net-SSLeay [...] rt.cpan.org
From: Heikki Vatiainen <hvn [...] open.com.au>
Download (untitled) / with headers
text/plain 2.7k
Hello Mike, this patch adds new functions related to SSL_CTX_new. Please see below for the detailed changes. Most of the client and server specific SSL_METHOD functions are now available. The patch also adds support for a new API introduced in OpenSSL 1.1.0 for setting the permitted TLS versions. TLS 1.3 constants in the patch allow controlling version 1.3 with SSL_CTX_set_options and min/max_proto_version CTX and SSL setters. The patch also includes a new test file. Testing was done with various OpenSSL and LibreSSL versions ranging from OpenSSL 0.9.8 and LibreSSL 2.2.0 to OpenSSL current git master (1.1.1-dev) and LibresSSL 2.6.3. The patch does not include anything autogenerated by the constant helper script. The diff is against version patched with set_default_passwd_cb.patch2 I sent earlier this week. Thanks, Heikki * Added new TLS method functions: - SSLv23_method - SSLv23_server_method - SSLv23_client_method - TLSv1_server_method - TLSv1_client_method - TLSv1_1_server_method - TLSv1_1_client_method - TLSv1_2_server_method - TLSv1_2_client_method - TLS_method - TLS_server_method - TLS_client_method TLS_method, TLS_server_method and TLS_client_method are available with OpenSSL 1.1.0 and LibreSSL 2.2.2 and later. * Added new SSL_CTX and SSL method functions: These require OpenSSL 1.1.0 or LibreSSL 2.6.0 or later. - SSL_CTX_set_min_proto_version - SSL_CTX_set_max_proto_version - SSL_set_min_proto_version - SSL_set_max_proto_version These require OpenSSL 1.1.0g or later. - SSL_CTX_get_min_proto_version - SSL_CTX_get_max_proto_version - SSL_get_min_proto_version - SSL_get_max_proto_version Added constants for the new method functions: - SSL3_VERSION - TLS1_VERSION - TLS1_1_VERSION - TLS1_2_VERSION * Added constants for controlling TLS 1.3 use. SSL_OP_NO_TLSv1_3 allows turning off TLS 1.3 with SSL_CTX_set_options and SSL_set_options. TLS1_3_VERSION works with the recently added SSL_CTX_set_min/max_proto_version method functions and their SSL counterparts. These constants are available in OpenSSL 1.1.1 development branch. * Added pod entries for the new functions returning SSL_METHOD structures. Added pod entries for CTX_set_min_proto_version, CTX_set_max_proto_version, set_min_proto_version and set_max_proto_version and their respective getters. * Added tests for CTX_new related functions. These include CTX_set_min_proto_version, CTX_get_min_proto_version and the related functions. Added tests for TLS 1.3 constants TLS1_3_VERSION and OP_NO_TLSv1_3. -- Heikki Vatiainen <hvn@open.com.au>

Message body is not shown because sender requested not to inline it.

Subject: Re: [rt.cpan.org #123804] Patch: Add support SSL_CTX_set_min_proto_version, more SSL methods and TLS 1.3 constants
Date: Sat, 02 Dec 2017 17:31:57 +1000
To: bug-Net-SSLeay [...] rt.cpan.org
From: Mike McCauley <mikem [...] airspayce.com>
Download (untitled) / with headers
text/plain 3.5k
Thanks Heikki, your patch is now in SVN 507 Cheers. On Saturday, 2 December 2017 4:02:07 AM AEST you wrote: Show quoted text
> Fri Dec 01 13:02:06 2017: Request 123804 was acted upon. > Transaction: Ticket created by hvn@open.com.au > Queue: Net-SSLeay > Subject: Patch: Add support SSL_CTX_set_min_proto_version, more SSL > methods and TLS 1.3 constants Broken in: (no value) > Severity: (no value) > Owner: Nobody > Requestors: hvn@open.com.au > Status: new > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=123804 > > > > Hello Mike, > > this patch adds new functions related to SSL_CTX_new. Please see below > for the detailed changes. > > Most of the client and server specific SSL_METHOD functions are now > available. The patch also adds support for a new API introduced in > OpenSSL 1.1.0 for setting the permitted TLS versions. > > TLS 1.3 constants in the patch allow controlling version 1.3 with > SSL_CTX_set_options and min/max_proto_version CTX and SSL setters. > > The patch also includes a new test file. Testing was done with various > OpenSSL and LibreSSL versions ranging from OpenSSL 0.9.8 and LibreSSL > 2.2.0 to OpenSSL current git master (1.1.1-dev) and LibresSSL 2.6.3. > > The patch does not include anything autogenerated by the constant helper > script. The diff is against version patched with > set_default_passwd_cb.patch2 I sent earlier this week. > > Thanks, > Heikki > > > * Added new TLS method functions: > - SSLv23_method > - SSLv23_server_method > - SSLv23_client_method > - TLSv1_server_method > - TLSv1_client_method > - TLSv1_1_server_method > - TLSv1_1_client_method > - TLSv1_2_server_method > - TLSv1_2_client_method > - TLS_method > - TLS_server_method > - TLS_client_method > > TLS_method, TLS_server_method and TLS_client_method are available > with OpenSSL 1.1.0 and LibreSSL 2.2.2 and later. > > * Added new SSL_CTX and SSL method functions: > These require OpenSSL 1.1.0 or LibreSSL 2.6.0 or later. > - SSL_CTX_set_min_proto_version > - SSL_CTX_set_max_proto_version > - SSL_set_min_proto_version > - SSL_set_max_proto_version > > These require OpenSSL 1.1.0g or later. > - SSL_CTX_get_min_proto_version > - SSL_CTX_get_max_proto_version > - SSL_get_min_proto_version > - SSL_get_max_proto_version > > Added constants for the new method functions: > - SSL3_VERSION > - TLS1_VERSION > - TLS1_1_VERSION > - TLS1_2_VERSION > > * Added constants for controlling TLS 1.3 use. > > SSL_OP_NO_TLSv1_3 allows turning off TLS 1.3 with > SSL_CTX_set_options and SSL_set_options. > > TLS1_3_VERSION works with the recently added > SSL_CTX_set_min/max_proto_version method functions > and their SSL counterparts. > > These constants are available in OpenSSL 1.1.1 > development branch. > > * Added pod entries for the new functions returning > SSL_METHOD structures. > > Added pod entries for CTX_set_min_proto_version, > CTX_set_max_proto_version, set_min_proto_version and > set_max_proto_version and their respective getters. > > * Added tests for CTX_new related functions. These > include CTX_set_min_proto_version, CTX_get_min_proto_version > and the related functions. > > Added tests for TLS 1.3 constants TLS1_3_VERSION and OP_NO_TLSv1_3.
-- Mike McCauley VK4AMM mikem@airspayce.com Airspayce Pty Ltd 9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.airspayce.com Phone +61 7 5598-7474


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.