From c51c78f50b96eb07dcaf45b237e03ae0291c30e2 Mon Sep 17 00:00:00 2001
From: Quanah Gibson-Mount <quanah@openldap.org>
Date: Thu, 11 Feb 2021 17:26:39 +0000
Subject: [PATCH 239/241] ITS#9422 - Update for TLS v1.3
---
include/ldap.h | 1 +
libraries/libldap/tls_o.c | 7 +++++++
2 files changed, 8 insertions(+)
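diff --git a/include/ldap.h b/include/ldap.h
index c245651c27..149b9ea725 100644
--- a/include/ldap.h
+++ b/include/ldap.h
@@ -176,6 +176,7 @@ LDAP_BEGIN_DECL
 #define LDAP_OPT_X_TLS_PROTOCOL_TLS1_0 ((3 << 8) + 1)
 #define LDAP_OPT_X_TLS_PROTOCOL_TLS1_1 ((3 << 8) + 2)
 #define LDAP_OPT_X_TLS_PROTOCOL_TLS1_2 ((3 << 8) + 3)
+#define LDAP_OPT_X_TLS_PROTOCOL_TLS1_3 ((3 << 8) + 4)
 
 /* OpenLDAP SASL options */
 #define LDAP_OPT_X_SASL_MECH 0x6100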
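diff --git a/libraries/libldap/tls_o.c b/libraries/libldap/tls_o.c
index 27bd7fa982..41d34a94bb 100644
--- a/libraries/libldap/tls_o.c
+++ b/libraries/libldap/tls_o.c
@@ -279,6 +279,13 @@ tlso_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
 #ifdef SSL_OP_NO_TLSv1
 #ifdef SSL_OP_NO_TLSv1_1
 #ifdef SSL_OP_NO_TLSv1_2
+#ifdef SSL_OP_NO_TLSv1_3
+ if ( lo->ldo_tls_protocol_min > LDAP_OPT_X_TLS_PROTOCOL_TLS1_3)
+ SSL_CTX_set_options( ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 |
+ SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 |
+ SSL_OP_NO_TLSv1_2 | SSL_OP_NO_TLSv1_3 );
+ else
+#endif
 if ( lo->ldo_tls_protocol_min > LDAP_OPT_X_TLS_PROTOCOL_TLS1_2)
 SSL_CTX_set_options( ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 |
 SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 |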
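Review bot: The new `> LDAP_OPT_X_TLS_PROTOCOL_TLS1_3` branch in tlso_ctx_init sets every SSL_OP_NO_* flag, so a configured minimum above TLS 1.3 leaves the context with no protocol version enabled, and nothing visible in the hunk reports that at configuration time. That is fail-closed, but it would presumably surface only later as a handshake failure. A comment on the branch such as `/* minimum above TLS 1.3: every version disabled, handshakes will fail */`, or rejecting the value with an error, would make the intent explicit. The `else` placed just before `#endif` also attaches to the following `if` only through preprocessor layout, so bracing the branches would make the ladder less fragile. The function body starts and ends outside the hunk, so validation elsewhere cannot be ruled out.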
--
2.35.1