PostgreSQL Source Code  git master
protocol_openssl.c File Reference
#include "postgres.h"
#include "common/openssl.h"

Functions

int SSL_CTX_set_min_proto_version (SSL_CTX *ctx, int version)
 
int SSL_CTX_set_max_proto_version (SSL_CTX *ctx, int version)
 

Function Documentation

◆ SSL_CTX_set_max_proto_version()

int SSL_CTX_set_max_proto_version ( SSL_CTX *  ctx,
int  version 
)

Definition at line 80 of file protocol_openssl.c.

/*
 * Fallback implementation of SSL_CTX_set_max_proto_version().
 *
 * Caps the protocol range of "ctx" at "version" by turning on the
 * SSL_OP_NO_* option for every TLS version above it that this function
 * knows about (TLS 1.1 and TLS 1.2).
 *
 * Returns 1 on success.  Returns 0 when the headers expose a TLS*_VERSION
 * macro but not the matching SSL_OP_NO_* macro, because the requested cap
 * cannot be expressed.  On that path SSL_CTX_set_options() is never reached
 * and "ctx" keeps its previous options, so callers should treat 0 as a hard
 * failure rather than continue with an uncapped context.
 *
 * NOTE(review): nothing here masks versions newer than TLS 1.2; presumably
 * this file is only built against OpenSSL releases that lack the native
 * function and therefore those versions -- confirm against the build rules.
 */
int
SSL_CTX_set_max_proto_version(SSL_CTX *ctx, int version)
{
    int         disable_mask = 0;

    /*
     * Zero is not a valid cap here (the native OpenSSL function treats 0 as
     * "highest supported version").  Assert() is a no-op in builds without
     * assertion checking; there a zero would satisfy both comparisons below
     * and mask out TLS 1.1 and TLS 1.2.
     */
    Assert(version != 0);

#if defined(TLS1_1_VERSION)
    if (version < TLS1_1_VERSION)
    {
#ifndef SSL_OP_NO_TLSv1_1
        /* Version macro without its option macro: cannot exclude TLS 1.1. */
        return 0;
#else
        disable_mask |= SSL_OP_NO_TLSv1_1;
#endif
    }
#endif

#if defined(TLS1_2_VERSION)
    if (version < TLS1_2_VERSION)
    {
#ifndef SSL_OP_NO_TLSv1_2
        /* Same situation for TLS 1.2. */
        return 0;
#else
        disable_mask |= SSL_OP_NO_TLSv1_2;
#endif
    }
#endif

    /*
     * SSL_CTX_set_options() ORs the mask into the options already set on the
     * context and never clears bits, so a later call with a higher cap does
     * not re-enable a version excluded here.
     */
    SSL_CTX_set_options(ctx, disable_mask);

    return 1;                   /* success */
}
#define Assert(condition)
Definition: c.h:858

References Assert.

Referenced by be_tls_init(), and initialize_SSL().

◆ SSL_CTX_set_min_proto_version()

int SSL_CTX_set_min_proto_version ( SSL_CTX *  ctx,
int  version 
)

Definition at line 41 of file protocol_openssl.c.

/*
 * Fallback implementation of SSL_CTX_set_min_proto_version().
 *
 * Raises the protocol floor of "ctx" to "version" by turning on the
 * SSL_OP_NO_* option for every protocol version below it.  SSLv2 and SSLv3
 * are excluded unconditionally, whatever floor is requested.
 *
 * Returns 1 on success.  Returns 0 when the headers expose a TLS*_VERSION
 * macro but not the matching SSL_OP_NO_* macro, because the requested floor
 * cannot be enforced.  On that path SSL_CTX_set_options() is never reached,
 * so not even the SSLv2/SSLv3 exclusion is applied by this call; callers
 * should treat 0 as a hard failure rather than continue with a context
 * that still accepts older protocol versions.
 */
int
SSL_CTX_set_min_proto_version(SSL_CTX *ctx, int version)
{
    int         disable_mask = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;

    /* A floor above TLS 1.0 excludes TLS 1.0. */
    if (version > TLS1_VERSION)
    {
        disable_mask |= SSL_OP_NO_TLSv1;
    }

#if defined(TLS1_1_VERSION)
    if (version > TLS1_1_VERSION)
    {
#ifndef SSL_OP_NO_TLSv1_1
        /* Version macro without its option macro: cannot exclude TLS 1.1. */
        return 0;
#else
        disable_mask |= SSL_OP_NO_TLSv1_1;
#endif
    }
#endif

#if defined(TLS1_2_VERSION)
    if (version > TLS1_2_VERSION)
    {
#ifndef SSL_OP_NO_TLSv1_2
        /* Same situation for TLS 1.2. */
        return 0;
#else
        disable_mask |= SSL_OP_NO_TLSv1_2;
#endif
    }
#endif

    /*
     * SSL_CTX_set_options() ORs the mask into the options already set on the
     * context and never clears bits, so a later call with a lower floor does
     * not re-enable a version excluded here.
     */
    SSL_CTX_set_options(ctx, disable_mask);

    return 1;                   /* success */
}

Referenced by be_tls_init(), and initialize_SSL().