-From 28e247dbc53b95acf9cb716f99f13aadc4d38651 Mon Sep 17 00:00:00 2001
-From: Bruno Silvestre <bruno.silvestre@gmail.com>
-Date: Mon, 2 Jul 2018 10:31:45 -0300
-Subject: [PATCH 3/3] Removing deprecated methods to select the protocol
-
-Using TLS_method(), SSL_set_min_proto_version() and
-SSL_set_max_proto_version().
----
- src/context.c | 46 ++++++++++++++++++++++++++++++++++++++++++++--
- 1 file changed, 44 insertions(+), 2 deletions(-)
-
-diff --git a/src/context.c b/src/context.c
-index d8fc8b6..d1377f1 100644
---- a/src/context.c
-+++ b/src/context.c
-@@ -59,11 +59,46 @@ static int set_option_flag(const char *opt, unsigned long *flag)
- return 0;
- }
-
-+#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
-+
- /**
- * Find the protocol.
- */
--static const SSL_METHOD* str2method(const char *method)
-+static const SSL_METHOD* str2method(const char *method, int *vmin, int *vmax)
- {
-+ if (!strcmp(method, "any") || !strcmp(method, "sslv23")) {
-+ *vmin = TLS1_VERSION;
-+ *vmax = TLS1_2_VERSION;
-+ return TLS_method();
-+ }
-+ else if (!strcmp(method, "tlsv1")) {
-+ *vmin = TLS1_VERSION;
-+ *vmax = TLS1_VERSION;
-+ return TLS_method();
-+ }
-+ else if (!strcmp(method, "tlsv1_1")) {
-+ *vmin = TLS1_1_VERSION;
-+ *vmax = TLS1_1_VERSION;
-+ return TLS_method();
-+ }
-+ else if (!strcmp(method, "tlsv1_2")) {
-+ *vmin = TLS1_2_VERSION;
-+ *vmax = TLS1_2_VERSION;
-+ return TLS_method();
-+ }
-+
-+ return NULL;
-+}
-+
-+#else
-+
-+/**
-+ * Find the protocol.
-+ */
-+static const SSL_METHOD* str2method(const char *method, int *vmin, int *vmax)
-+{
-+ (void)vmin;
-+ (void)vmax;
- if (!strcmp(method, "any")) return SSLv23_method();
- if (!strcmp(method, "sslv23")) return SSLv23_method(); // deprecated
- if (!strcmp(method, "tlsv1")) return TLSv1_method();
-@@ -74,6 +109,8 @@ static const SSL_METHOD* str2method(const char *method)
- return NULL;
- }
-
-+#endif
-+
- /**
- * Prepare the SSL handshake verify flag.
- */
-@@ -279,9 +316,10 @@ static int create(lua_State *L)
- p_context ctx;
- const char *str_method;
- const SSL_METHOD *method;
-+ int vmin, vmax;
-
- str_method = luaL_checkstring(L, 1);
-- method = str2method(str_method);
-+ method = str2method(str_method, &vmin, &vmax);
- if (!method) {
- lua_pushnil(L);
- lua_pushfstring(L, "invalid protocol (%s)", str_method);
-@@ -301,6 +339,10 @@ static int create(lua_State *L)
- ERR_reason_error_string(ERR_get_error()));
- return 2;
- }
-+#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
-+ SSL_CTX_set_min_proto_version(ctx->context, vmin);
-+ SSL_CTX_set_max_proto_version(ctx->context, vmax);
-+#endif
- ctx->mode = LSEC_MODE_INVALID;
- ctx->L = L;
- luaL_getmetatable(L, "SSL:Context");
---
-2.19.1
-