diff options
| author | Rainer Jung <rjung@apache.org> | 2016-03-20 19:26:22 +0100 |
|---|---|---|
| committer | Rainer Jung <rjung@apache.org> | 2016-03-20 19:26:22 +0100 |
| commit | fc8497424b5f66d20218087461be4e96212bae3e (patch) | |
| tree | 43d64393171212d59f21592b735db6122494d5eb /support/ab.c | |
| parent | Support for OpenSSL 1.1.0: (diff) | |
| download | apache2-fc8497424b5f66d20218087461be4e96212bae3e.tar.xz apache2-fc8497424b5f66d20218087461be4e96212bae3e.zip | |
Support for OpenSSL 1.1.0:
- ab: use new API SSL_CTX_set_max_proto_version()
and SSL_CTX_set_min_proto_version() in
combination with TLS_client_method() instead
of the old deprecated methods.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1735891 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'support/ab.c')
| -rw-r--r-- | support/ab.c | 40 |
1 files changed, 38 insertions, 2 deletions
diff --git a/support/ab.c b/support/ab.c index 6d1cef8718..102976e345 100644 --- a/support/ab.c +++ b/support/ab.c @@ -2161,6 +2161,14 @@ int main(int argc, const char * const argv[]) apr_getopt_t *opt; const char *opt_arg; char c; +#if OPENSSL_VERSION_NUMBER >= 0x10100000L + int max_prot = TLS1_2_VERSION; +#ifndef OPENSSL_NO_SSL3 + int min_prot = SSL3_VERSION; +#else + int min_prot = TLS1_VERSION; +#endif +#endif /* #if OPENSSL_VERSION_NUMBER >= 0x10100000L */ #ifdef USE_SSL AB_SSL_METHOD_CONST SSL_METHOD *meth = SSLv23_client_method(); #endif @@ -2378,14 +2386,13 @@ int main(int argc, const char * const argv[]) method_str[CUSTOM_METHOD] = strdup(opt_arg); break; case 'f': +#if OPENSSL_VERSION_NUMBER < 0x10100000L if (strncasecmp(opt_arg, "ALL", 3) == 0) { meth = SSLv23_client_method(); -#if OPENSSL_VERSION_NUMBER < 0x10100000L #ifndef OPENSSL_NO_SSL2 } else if (strncasecmp(opt_arg, "SSL2", 4) == 0) { meth = SSLv2_client_method(); #endif -#endif #ifndef OPENSSL_NO_SSL3 } else if (strncasecmp(opt_arg, "SSL3", 4) == 0) { meth = SSLv3_client_method(); @@ -2399,6 +2406,31 @@ int main(int argc, const char * const argv[]) } else if (strncasecmp(opt_arg, "TLS1", 4) == 0) { meth = TLSv1_client_method(); } +#else /* #if OPENSSL_VERSION_NUMBER < 0x10100000L */ + meth = TLS_client_method(); + if (strncasecmp(opt_arg, "ALL", 3) == 0) { + max_prot = TLS1_2_VERSION; +#ifndef OPENSSL_NO_SSL3 + min_prot = SSL3_VERSION; +#else + min_prot = TLS1_VERSION; +#endif +#ifndef OPENSSL_NO_SSL3 + } else if (strncasecmp(opt_arg, "SSL3", 4) == 0) { + max_prot = SSL3_VERSION; + min_prot = SSL3_VERSION; +#endif + } else if (strncasecmp(opt_arg, "TLS1.1", 6) == 0) { + max_prot = TLS1_1_VERSION; + min_prot = TLS1_1_VERSION; + } else if (strncasecmp(opt_arg, "TLS1.2", 6) == 0) { + max_prot = TLS1_2_VERSION; + min_prot = TLS1_2_VERSION; + } else if (strncasecmp(opt_arg, "TLS1", 4) == 0) { + max_prot = TLS1_VERSION; + min_prot = TLS1_VERSION; + } +#endif /* #if OPENSSL_VERSION_NUMBER < 0x10100000L */ break; #endif } @@ -2460,6 +2492,10 @@ int main(int argc, const char * const argv[]) exit(1); } SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL); +#if OPENSSL_VERSION_NUMBER >= 0x10100000L + SSL_CTX_set_max_proto_version(ssl_ctx, max_prot); + SSL_CTX_set_min_proto_version(ssl_ctx, min_prot); +#endif #ifdef SSL_MODE_RELEASE_BUFFERS /* Keep memory usage as low as possible */ SSL_CTX_set_mode (ssl_ctx, SSL_MODE_RELEASE_BUFFERS); |