aboutsummaryrefslogtreecommitdiffstats
path: root/socket.c
diff options
context:
space:
mode:
Diffstat (limited to 'socket.c')
-rw-r--r--socket.c28
1 files changed, 27 insertions, 1 deletions
diff --git a/socket.c b/socket.c
index 6043b49b..aec319e3 100644
--- a/socket.c
+++ b/socket.c
@@ -928,6 +928,17 @@ static int OSSL10X_proto_version_logic(int sock, const char **myproto, int *avoi
report(stderr, GT_("Your OpenSSL version does not support TLS v1.2.\n"));
return -1;
#endif
+#if defined(TLS1_3_VERSION)
+ } else if (!strcasecmp("tls1.3", *myproto)) {
+ _ctx[sock] = SSL_CTX_new(TLSv1_3_client_method());
+ } else if (!strcasecmp("tls1.3+", *myproto)) {
+ *myproto = NULL;
+ *avoid_ssl_versions |= SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2;
+#else
+ } else if(!strcasecmp("tls1.3",*myproto) || !strcasecmp("tls1.3+", *myproto)) {
+ report(stderr, GT_("Your OpenSSL version does not support TLS v1.3.\n"));
+ return -1;
+#endif
} else if (!strcasecmp("ssl23", *myproto)
|| 0 == strcasecmp("auto", *myproto))
{
@@ -946,6 +957,8 @@ static int OSSL10X_proto_version_logic(int sock, const char **myproto, int *avoi
static int OSSL110_proto_version_logic(int sock, const char **myproto,
int *avoid_ssl_versions)
{
+ /* NOTE - this code MUST NOT set myproto to NULL, else the
+ * SSL_...set_..._proto_version() call becomes ineffective. */
_ctx[sock] = SSL_CTX_new(TLS_client_method());
SSL_CTX_set_min_proto_version(_ctx[sock], TLS1_VERSION);
@@ -986,20 +999,33 @@ static int OSSL110_proto_version_logic(int sock, const char **myproto,
SSL_CTX_set_max_proto_version(_ctx[sock], TLS1_2_VERSION);
} else if (!strcasecmp("tls1.2+", *myproto)) {
SSL_CTX_set_min_proto_version(_ctx[sock], TLS1_2_VERSION);
- *myproto = NULL;
#else
} else if(!strcasecmp("tls1.2",*myproto) || !strcasecmp("tls1.2+", *myproto)) {
report(stderr, GT_("Your OpenSSL version does not support TLS v1.2.\n"));
return -1;
#endif
+#if defined(TLS1_3_VERSION)
+ } else if (!strcasecmp("tls1.3", *myproto)) {
+ SSL_CTX_set_min_proto_version(_ctx[sock], TLS1_3_VERSION);
+ SSL_CTX_set_max_proto_version(_ctx[sock], TLS1_3_VERSION);
+ } else if (!strcasecmp("tls1.3+", *myproto)) {
+ SSL_CTX_set_min_proto_version(_ctx[sock], TLS1_3_VERSION);
+#else
+ } else if(!strcasecmp("tls1.3",*myproto) || !strcasecmp("tls1.3+", *myproto)) {
+ report(stderr, GT_("Your OpenSSL version does not support TLS v1.3.\n"));
+ return -1;
+#endif
} else if (!strcasecmp("ssl23", *myproto)
|| 0 == strcasecmp("auto", *myproto))
{
/* do nothing */
} else {
+ /* This should not happen. */
report(stderr,
GT_("Invalid SSL protocol '%s' specified, using default autoselect (auto).\n"),
*myproto);
+ report(stderr, "fetchmail internal error in OSSL110_proto_version_logic\n");
+ abort();
}
return 0;
}