mirror of
https://github.com/moparisthebest/wget
synced 2024-07-03 16:38:41 -04:00
add TLSv1_1 and TLSv1_2 to --secure-protocol
parent
796da8da3a
commit
3e3073ca7b
@ -1641,16 +1641,16 @@ without SSL support, none of these options are available.
|
|||||||
@cindex SSL protocol, choose
|
@cindex SSL protocol, choose
|
||||||
@item --secure-protocol=@var{protocol}
|
@item --secure-protocol=@var{protocol}
|
||||||
Choose the secure protocol to be used. Legal values are @samp{auto},
|
Choose the secure protocol to be used. Legal values are @samp{auto},
|
||||||
@samp{SSLv2}, @samp{SSLv3}, @samp{TLSv1} and @samp{PFS}. If @samp{auto}
|
@samp{SSLv2}, @samp{SSLv3}, @samp{TLSv1}, @samp{TLSv1_1}, @samp{TLSv1_2}
|
||||||
is used, the SSL library is given the liberty of choosing the appropriate
|
and @samp{PFS}. If @samp{auto} is used, the SSL library is given the
|
||||||
protocol automatically, which is achieved by sending an TLSv1 greeting.
|
liberty of choosing the appropriate protocol automatically, which is
|
||||||
This is the default.
|
achieved by sending a TLSv1 greeting. This is the default.
|
||||||
|
|
||||||
Specifying @samp{SSLv2}, @samp{SSLv3}, or @samp{TLSv1} forces the use
|
Specifying @samp{SSLv2}, @samp{SSLv3}, @samp{TLSv1}, @samp{TLSv1_1} or
|
||||||
of the corresponding protocol. This is useful when talking to old and
|
@samp{TLSv1_2} forces the use of the corresponding protocol. This is
|
||||||
buggy SSL server implementations that make it hard for the underlying
|
useful when talking to old and buggy SSL server implementations that
|
||||||
SSL library to choose the correct protocol version. Fortunately, such
|
make it hard for the underlying SSL library to choose the correct
|
||||||
servers are quite rare.
|
protocol version. Fortunately, such servers are quite rare.
|
||||||
|
|
||||||
Specifying @samp{PFS} enforces the use of the so-called Perfect Forward
|
Specifying @samp{PFS} enforces the use of the so-called Perfect Forward
|
||||||
Security cipher suites. In short, PFS adds security by creating a one-time
|
Security cipher suites. In short, PFS adds security by creating a one-time
|
||||||
|
@ -1,4 +1,10 @@
|
|||||||
2013-10-22 Ángel González <keisial@gmail.com>
|
2014-10-08 Nikolay Morozov <n.morozov@securitycode.ru> and Sergey Lvov <s.lvov@securitycode.ru>
|
||||||
|
|
||||||
|
* init.c (cmd_spec_secure_protocol): Add support for
|
||||||
|
TLS v1.1 and TLS v1.2 protocols
|
||||||
|
* openssl.c (ssl_init): Add support for OpenSSL engines
|
||||||
|
|
||||||
|
2014-10-22 Ángel González <keisial@gmail.com>
|
||||||
|
|
||||||
* css-url.c (get_uri_string): Honor the specified length argument.
|
* css-url.c (get_uri_string): Honor the specified length argument.
|
||||||
|
|
||||||
|
@ -1498,6 +1498,8 @@ cmd_spec_secure_protocol (const char *com, const char *val, void *place)
|
|||||||
{ "sslv2", secure_protocol_sslv2 },
|
{ "sslv2", secure_protocol_sslv2 },
|
||||||
{ "sslv3", secure_protocol_sslv3 },
|
{ "sslv3", secure_protocol_sslv3 },
|
||||||
{ "tlsv1", secure_protocol_tlsv1 },
|
{ "tlsv1", secure_protocol_tlsv1 },
|
||||||
|
{ "tlsv1_1", secure_protocol_tlsv1_1 },
|
||||||
|
{ "tlsv1_2", secure_protocol_tlsv1_2 },
|
||||||
{ "pfs", secure_protocol_pfs },
|
{ "pfs", secure_protocol_pfs },
|
||||||
};
|
};
|
||||||
int ok = decode_string (val, choices, countof (choices), place);
|
int ok = decode_string (val, choices, countof (choices), place);
|
||||||
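Review bot: The two new `choices` entries are accepted unconditionally, but the matching `case secure_protocol_tlsv1_1:` and `case secure_protocol_tlsv1_2:` labels in openssl.c's `ssl_init` are compiled only under an `OPENSSL_VERSION_NUMBER` guard, so on a build where that guard is false `--secure-protocol=TLSv1_1` parses successfully and then reaches `default: abort ();`. Refusing to continue is the right outcome, since it avoids silently negotiating an older protocol than the user asked for, but it should be a diagnostic rather than a crash. Either put the two table entries under the same feature test, or have the `ssl_init` fallback log an unsupported-protocol message and `goto error`. Whether the other TLS backend handles the new enum values is not visible in this commit and is worth checking. `cmd_spec_secure_protocol` starts and ends outside the hunk.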
|
@ -40,6 +40,9 @@ as that of the covered work. */
|
|||||||
#include <openssl/x509v3.h>
|
#include <openssl/x509v3.h>
|
||||||
#include <openssl/err.h>
|
#include <openssl/err.h>
|
||||||
#include <openssl/rand.h>
|
#include <openssl/rand.h>
|
||||||
|
#if OPENSSL_VERSION_NUMBER >= 0x00907000
|
||||||
|
#include <openssl/conf.h>
|
||||||
|
#endif
|
||||||
|
|
||||||
#include "utils.h"
|
#include "utils.h"
|
||||||
#include "connect.h"
|
#include "connect.h"
|
||||||
@ -187,6 +190,12 @@ ssl_init (void)
|
|||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#if OPENSSL_VERSION_NUMBER >= 0x00907000
|
||||||
|
OPENSSL_load_builtin_modules();
|
||||||
|
ENGINE_load_builtin_engines();
|
||||||
|
CONF_modules_load_file(NULL, NULL,
|
||||||
|
CONF_MFLAGS_DEFAULT_SECTION|CONF_MFLAGS_IGNORE_MISSING_FILE);
|
||||||
|
#endif
|
||||||
SSL_library_init ();
|
SSL_library_init ();
|
||||||
SSL_load_error_strings ();
|
SSL_load_error_strings ();
|
||||||
SSLeay_add_all_algorithms ();
|
SSLeay_add_all_algorithms ();
|
||||||
@ -207,6 +216,14 @@ ssl_init (void)
|
|||||||
case secure_protocol_tlsv1:
|
case secure_protocol_tlsv1:
|
||||||
meth = TLSv1_client_method ();
|
meth = TLSv1_client_method ();
|
||||||
break;
|
break;
|
||||||
|
#if OPENSSL_VERSION_NUMBER >= 0x01001000
|
||||||
|
case secure_protocol_tlsv1_1:
|
||||||
|
meth = TLSv1_1_client_method ();
|
||||||
|
break;
|
||||||
|
case secure_protocol_tlsv1_2:
|
||||||
|
meth = TLSv1_2_client_method ();
|
||||||
|
break;
|
||||||
|
#endif
|
||||||
default:
|
default:
|
||||||
abort ();
|
abort ();
|
||||||
}
|
}
|
||||||
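Review bot: The guard `#if OPENSSL_VERSION_NUMBER >= 0x01001000` around the new TLSv1_1/TLSv1_2 cases does not encode OpenSSL 1.0.1; in the MNNFFPPS layout that release is `0x10001000L`, and the value as written is already exceeded by 1.0.0, which has no `TLSv1_1_client_method ()`, so such a build would fail to compile or link. I would change it to `#if OPENSSL_VERSION_NUMBER >= 0x10001000L`. Separately, in the earlier `ssl_init` hunk the result of `CONF_modules_load_file ()` is discarded, so a configuration that fails to load (and with it any engine the user expected to be active) goes unnoticed; checking for a result `<= 0` and logging the OpenSSL error queue would make that visible. `ENGINE_load_builtin_engines ()` is declared in `<openssl/engine.h>`, which the include hunk does not add; it may be pulled in elsewhere, but that is not visible here. `ssl_init` begins and ends outside these hunks.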
|
@ -202,6 +202,8 @@ struct options
|
|||||||
secure_protocol_sslv2,
|
secure_protocol_sslv2,
|
||||||
secure_protocol_sslv3,
|
secure_protocol_sslv3,
|
||||||
secure_protocol_tlsv1,
|
secure_protocol_tlsv1,
|
||||||
|
secure_protocol_tlsv1_1,
|
||||||
|
secure_protocol_tlsv1_2,
|
||||||
secure_protocol_pfs
|
secure_protocol_pfs
|
||||||
} secure_protocol; /* type of secure protocol to use. */
|
} secure_protocol; /* type of secure protocol to use. */
|
||||||
bool check_cert; /* whether to validate the server's cert */
|
bool check_cert; /* whether to validate the server's cert */
|
||||||
|