1
0
mirror of https://github.com/SoftEtherVPN/SoftEtherVPN.git synced 2024-11-23 01:49:53 +03:00

Apply security level override in azure client mode

This commit is contained in:
Yihong Wu 2021-12-17 19:06:55 +08:00
parent 68dc4e23d8
commit 1c1560f6ca
2 changed files with 9 additions and 7 deletions

View File

@ -103,6 +103,8 @@ void AcWaitForRequest(AZURE_CLIENT *ac, SOCK *s, AZURE_PARAM *param)
SetTimeout(ns, param->DataTimeout); SetTimeout(ns, param->DataTimeout);
Copy(&ns->SslAcceptSettings, &ac->Cedar->SslAcceptSettings, sizeof(SSL_ACCEPT_SETTINGS));
if (StartSSLEx(ns, NULL, NULL, 0, NULL)) if (StartSSLEx(ns, NULL, NULL, 0, NULL))
{ {
// Check certification // Check certification

View File

@ -11719,13 +11719,6 @@ bool StartSSLEx2(SOCK *sock, X *x, K *priv, LIST *chain, UINT ssl_timeout, char
} }
#endif // SSL_OP_NO_TLSv1_3 #endif // SSL_OP_NO_TLSv1_3
#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
if (sock->SslAcceptSettings.Override_Security_Level)
{
SSL_CTX_set_security_level(ssl_ctx, sock->SslAcceptSettings.Override_Security_Level_Value);
}
#endif
Unlock(openssl_lock); Unlock(openssl_lock);
if (chain == NULL) if (chain == NULL)
{ {
@ -11748,6 +11741,13 @@ bool StartSSLEx2(SOCK *sock, X *x, K *priv, LIST *chain, UINT ssl_timeout, char
Lock(openssl_lock); Lock(openssl_lock);
} }
#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
if (sock->SslAcceptSettings.Override_Security_Level)
{
SSL_CTX_set_security_level(ssl_ctx, sock->SslAcceptSettings.Override_Security_Level_Value);
}
#endif
sock->ssl = SSL_new(ssl_ctx); sock->ssl = SSL_new(ssl_ctx);
SSL_set_fd(sock->ssl, (int)sock->socket); SSL_set_fd(sock->ssl, (int)sock->socket);