1
0
mirror of https://github.com/SoftEtherVPN/SoftEtherVPN.git synced 2024-11-23 01:49:53 +03:00

Fix the problem of the DisableSslVersions patch.

This commit is contained in:
Raymond Tau 2015-11-23 16:15:10 +08:00
parent 8b1b67faed
commit 04b72873c7
4 changed files with 14 additions and 8 deletions

View File

@ -1803,6 +1803,8 @@ CEDAR *NewCedar(X *server_x, K *server_k)
c->BuildInfo = CopyStr(tmp); c->BuildInfo = CopyStr(tmp);
c->DisableSslVersions = SSL_OPT_DEFAULT;
return c; return c;
} }

View File

@ -415,8 +415,11 @@
#define NAME_SSL_VERSION_SSL_V2 "SSL_V2" // SSLv2 #define NAME_SSL_VERSION_SSL_V2 "SSL_V2" // SSLv2
#define NAME_SSL_VERSION_SSL_V3 "SSL_V3" // SSLv3 #define NAME_SSL_VERSION_SSL_V3 "SSL_V3" // SSLv3
#define NAME_SSL_VERSION_TLS_V1_0 "TLS_V1_0" // TLS v1.0 #define NAME_SSL_VERSION_TLS_V1_0 "TLS_V1_0" // TLS v1.0
#define NAME_SSL_VERSION_TLS_V1_0 "TLS_V1_1" // TLS v1.1 #define NAME_SSL_VERSION_TLS_V1_1 "TLS_V1_1" // TLS v1.1
#define NAME_SSL_VERSION_TLS_V1_0 "TLS_V1_2" // TLS v1.2 #define NAME_SSL_VERSION_TLS_V1_2 "TLS_V1_2" // TLS v1.2
// OpenSSL SSL Context Option Flags default
#define SSL_OPT_DEFAULT 0x0
////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////
// //
@ -1065,7 +1068,7 @@ typedef struct CEDAR
LOCK *FifoBudgetLock; // Fifo budget lock LOCK *FifoBudgetLock; // Fifo budget lock
UINT FifoBudget; // Fifo budget UINT FifoBudget; // Fifo budget
bool AcceptOnlyTls; // Accept only TLS (Disable SSL) bool AcceptOnlyTls; // Accept only TLS (Disable SSL)
UINT DisableSslVersions = 0x0; // Bitmap of SSL Version to disable UINT DisableSslVersions; // Bitmap of SSL Version to disable
char OpenVPNDefaultClientOption[MAX_SIZE]; // OpenVPN Default Client Option String char OpenVPNDefaultClientOption[MAX_SIZE]; // OpenVPN Default Client Option String
} CEDAR; } CEDAR;

View File

@ -6167,23 +6167,23 @@ void SiLoadServerCfg(SERVER *s, FOLDER *f)
UINT i; UINT i;
for (i = 0;i < sslVersions->NumTokens;i++) for (i = 0;i < sslVersions->NumTokens;i++)
{ {
if (strcmp(tmp, NAME_SSL_VERSION_SSL_V2)) if (strcmp(tmp, NAME_SSL_VERSION_SSL_V2)) {
c->DisableSslVersions |= SSL_VERSION_SSL_V2; c->DisableSslVersions |= SSL_VERSION_SSL_V2;
continue; continue;
} }
if (strcmp(tmp, NAME_SSL_VERSION_SSL_V3)) if (strcmp(tmp, NAME_SSL_VERSION_SSL_V3)) {
c->DisableSslVersions |= SSL_VERSION_SSL_V3; c->DisableSslVersions |= SSL_VERSION_SSL_V3;
continue; continue;
} }
if (strcmp(tmp, NAME_SSL_VERSION_TLS_V1_0)) if (strcmp(tmp, NAME_SSL_VERSION_TLS_V1_0)) {
c->DisableSslVersions |= SSL_VERSION_TLS_V1_0; c->DisableSslVersions |= SSL_VERSION_TLS_V1_0;
continue; continue;
} }
if (strcmp(tmp, NAME_SSL_VERSION_TLS_V1_1)) if (strcmp(tmp, NAME_SSL_VERSION_TLS_V1_1)) {
c->DisableSslVersions |= SSL_VERSION_TLS_V1_1; c->DisableSslVersions |= SSL_VERSION_TLS_V1_1;
continue; continue;
} }
if (strcmp(tmp, NAME_SSL_VERSION_TLS_V1_2)) if (strcmp(tmp, NAME_SSL_VERSION_TLS_V1_2)) {
c->DisableSslVersions |= SSL_VERSION_TLS_V1_2; c->DisableSslVersions |= SSL_VERSION_TLS_V1_2;
continue; continue;
} }

View File

@ -155,6 +155,7 @@
#ifdef UNIX_MACOS #ifdef UNIX_MACOS
#include <sys/event.h> #include <sys/event.h>
#endif // UNIX_MACOS #endif // UNIX_MACOS
#include <Cedar/Cedar.h>
#ifdef OS_WIN32 #ifdef OS_WIN32
NETWORK_WIN32_FUNCTIONS *w32net; NETWORK_WIN32_FUNCTIONS *w32net;