From a3a1ffa8b341dc7364217c9dc0538ce8c780d6d7 Mon Sep 17 00:00:00 2001
From: Daniel Jonka
Date: Wed, 3 Feb 2016 16:26:24 +0100
Subject: [PATCH] added commandline option to enforce using TLSv1_client_method() instead of SSLv3_client_method() for compatibility reasons (based on thieso2's fork of proxytunnel - just optional this time)

---
 cmdline.c | 13 +++++++++++--
 cmdline.h | 2 ++
 ptstream.c | 6 +++++-
 3 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/cmdline.c b/cmdline.c
index fadccb8..538df03 100644
--- a/cmdline.c
+++ b/cmdline.c
@@ -132,6 +132,7 @@ int cmdline_parser( int argc, char * const *argv, struct gengetopt_args_info *ar
 args_info->encryptproxy_given = 0;
 args_info->encryptremproxy_given = 0;
 args_info->proctitle_given = 0;
+ args_info->enforcetls1_given = 0;
 
 /* No... we can't make this a function... -- Maniac */
 #define clear_args() \
@@ -157,6 +158,7 @@ int cmdline_parser( int argc, char * const *argv, struct gengetopt_args_info *ar
 args_info->encryptproxy_flag = 0; \
 args_info->encryptremproxy_flag = 0; \
 args_info->proctitle_arg = NULL; \
+ args_info->enforcetls1_flag = 0; \
 }
 
 clear_args();
@@ -189,6 +191,7 @@ int cmdline_parser( int argc, char * const *argv, struct gengetopt_args_info *ar
 { "remproxy", 1, NULL, 'r' },
 { "remproxyauth", 1, NULL, 'R' },
 { "proctitle", 1, NULL, 'x' },
+ { "tlsenforce", 1, NULL, 'L' },
 { "header", 1, NULL, 'H' },
 { "verbose", 0, NULL, 'v' },
 { "ntlm", 0, NULL, 'N' },
@@ -201,9 +204,9 @@ int cmdline_parser( int argc, char * const *argv, struct gengetopt_args_info *ar
 { NULL, 0, NULL, 0 }
 };
 
- c = getopt_long (argc, argv, "hVia:u:s:t:F:p:P:r:R:d:H:x:nvNeEXq", long_options, &option_index);
+ c = getopt_long (argc, argv, "hVia:u:s:t:F:p:P:r:R:d:H:x:nvNeEXqL", long_options, &option_index);
 #else
- c = getopt( argc, argv, "hVia:u:s:t:F:p:P:r:R:d:H:x:nvNeEXq" );
+ c = getopt( argc, argv, "hVia:u:s:t:F:p:P:r:R:d:H:x:nvNeEXqL" );
 #endif
 
 if (c == -1)
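Review bot: The new long option is declared with has_arg set to 1, `{ "tlsenforce", 1, NULL, 'L' },`, so `--tlsenforce` demands an argument (getopt_long will consume the next argv word or report it missing), while the short-option string in the following hunk adds `L` with no colon and the `case 'L'` handler in the next hunk never reads optarg. It should be a plain flag like the neighbouring `verbose`/`ntlm` entries: `{ "tlsenforce", 0, NULL, 'L' },`. The long name `tlsenforce` also diverges from the `enforcetls1_*` members it sets; settling on one spelling would keep the option, the struct fields and the user-facing message consistent. cmdline_parser's body runs outside these hunks.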
@@ -262,6 +265,12 @@ int cmdline_parser( int argc, char * const *argv, struct gengetopt_args_info *ar
 args_info->proctitle_arg = gengetopt_strdup (optarg);
 break;
 
+ case 'L':
+ args_info->enforcetls1_given = 1;
+ message("Enforcing TLSv1");
+ args_info->enforcetls1_flag = 1;
+ break;
+
 case 'u': /* Username to send to HTTPS proxy for authentication. */
 if (args_info->user_given) {
 fprintf (stderr, "%s: `--user' (`-u'), `--proxyauth' (`-P') or `--passfile' (`-F') option given more than once\n", PACKAGE);
diff --git a/cmdline.h b/cmdline.h
index 2eccab7..8c51e4c 100644
--- a/cmdline.h
+++ b/cmdline.h
@@ -48,6 +48,7 @@ struct gengetopt_args_info {
 int encryptproxy_flag; /* Turn on client to proxy SSL encryption (def=off).*/
 int encryptremproxy_flag; /* Turn on local to remote proxy SSL encryption (def=off).*/
 char *proctitle_arg; /* Override process title (default=off). */
+ int enforcetls1_flag; /* Override default and enforce TLSv1 */
 int help_given; /* Whether help was given. */
 int version_given; /* Whether version was given. */
 int user_given; /* Whether user was given. */
@@ -71,6 +72,7 @@ struct gengetopt_args_info {
 int encryptproxy_given; /* Whether encrypt was given */
 int encryptremproxy_given; /* Whether encrypt was given */
 int proctitle_given; /* Whether to override process title */
+ int enforcetls1_given; /* Wheter to enforce TLSv1 */
 };
 
 int cmdline_parser( int argc, char * const *argv, struct gengetopt_args_info *args_info );
diff --git a/ptstream.c b/ptstream.c
index 6d55137..1e907f6 100644
--- a/ptstream.c
+++ b/ptstream.c
@@ -151,7 +151,11 @@ int stream_enable_ssl(PTSTREAM *pts) {
 
 /* Initialise the connection */
 SSLeay_add_ssl_algorithms();
- meth = SSLv23_client_method();
+ if (args_info.enforcetls1_flag) {
+ meth = TLSv1_client_method();
+ } else {
+ meth = SSLv23_client_method();
+ }
 SSL_load_error_strings();
 ctx = SSL_CTX_new (meth);
 
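Review bot: `message("Enforcing TLSv1");` is emitted while options are still being parsed, so it fires before any later `-q` or `-v` on the command line has been seen (assuming message() is gated on verbosity at all, which is not visible here) and regardless of whether `-e`/`-E` encryption is requested, in which case the flag presumably has no effect. The other cases in this hunk only record their value; I would drop the call here and report the choice where the method is actually selected, e.g. `if (args_info.enforcetls1_flag) message("Enforcing TLSv1");` next to the method selection in stream_enable_ssl. The diff also shows no usage/help output gaining a line for `-L/--tlsenforce`, so the option is undiscoverable from the program itself. cmdline_parser continues outside the hunk.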
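Review bot: The comment on the new `enforcetls1_given` member has a typo, `/* Wheter to enforce TLSv1 */`; the neighbouring members read `Whether ...`, so `/* Whether tlsenforce was given */` matches the house style and also records which option sets it. The `enforcetls1_flag` comment in the preceding hunk could state the default like the lines above it do, e.g. `/* Use TLSv1 client method instead of SSLv23 (def=off). */`.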
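Review bot: Selecting `TLSv1_client_method()` pins the client to exactly TLS 1.0, so the new option removes the SSLv2/SSLv3 fallback only at the price of also refusing TLS 1.1 and 1.2 that a proxy may offer, and that method is deprecated in later OpenSSL releases. The usual way to get the intended effect is to keep the version-flexible `SSLv23_client_method()` and clear the legacy protocols on the context instead, e.g. after `ctx = SSL_CTX_new (meth);` add `if (args_info.enforcetls1_flag) SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);`, which still lets the highest mutually supported TLS version be negotiated. Note also that the commit message speaks of replacing `SSLv3_client_method()`, but the line removed here is `SSLv23_client_method()`, which already negotiates TLS when both sides support it; the description should say which behaviour the flag actually changes. `args_info` is presumably the global parsed-options struct already used by this file, and stream_enable_ssl continues outside the hunk.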