Subject: | DTLS support |
Hello,
These patches add DTLSv1 and DTLSv1.2 support (context constructors, method accessors and timeout/listen helpers) plus some useful datagram BIO functions.
Subject: | ssleay-pm-dtls.patch |
--- Net-SSLeay-1.81/lib/Net/SSLeay.pm 2017-03-27 16:59:48.000000000 -0400
+++ Net-SSLeay-1.81-dtls-patch/lib/Net/SSLeay.pm 2017-04-06 18:34:50.220077007 -0400
@@ -32,6 +32,8 @@
# 10 = insist on TLSv1
# 11 = insist on TLSv1.1
# 12 = insist on TLSv1.2
+# 1010 = insist on DTLSv1
+# 1012 = insist on DTLSv1.2
# 0 or undef = guess (v23)
#
$Net::SSLeay::ssl_version = 0; # don't change here, use
@@ -92,8 +94,8 @@
ERROR_NONE NID_info_access OP_NO_TICKET
ERROR_SSL NID_initials OP_NO_TLSv1
ERROR_SYSCALL NID_invalidity_date OP_NO_TLSv1_1
- ERROR_WANT_ACCEPT NID_issuer_alt_name OP_NO_TLSv1_2
- ERROR_WANT_CONNECT NID_keyBag OP_PKCS1_CHECK_1
+ ERROR_WANT_ACCEPT NID_issuer_alt_name OP_NO_TLSv1_2
+ERROR_WANT_CONNECT NID_keyBag OP_PKCS1_CHECK_1
ERROR_WANT_READ NID_key_usage OP_PKCS1_CHECK_2
ERROR_WANT_WRITE NID_localKeyID OP_SINGLE_DH_USE
ERROR_WANT_X509_LOOKUP NID_localityName OP_SINGLE_ECDH_USE
@@ -215,7 +217,9 @@
NID_dsaWithSHA1 OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION XN_FLAG_SEP_MULTILINE
NID_dsaWithSHA1_2 OP_CIPHER_SERVER_PREFERENCE XN_FLAG_SEP_SPLUS_SPC
NID_dsa_2 OP_CISCO_ANYCONNECT XN_FLAG_SPC_EQ
- NID_email_protect OP_COOKIE_EXCHANGE
+ NID_email_protect OP_COOKIE_EXCHANGE OP_NO_DTLSv1
+ OP_NO_DTLSv1_2
+
BIO_eof
BIO_f_ssl
BIO_free
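Review bot: `OP_NO_DTLSv1` and `OP_NO_DTLSv1_2` are added to the export list, but the SSLeay.xs patch in this series adds no `SSL_OP_NO_DTLSv1`/`SSL_OP_NO_DTLSv1_2` entries to the constant lookup, so unless that happens in a part of the patch I can't see, importing these names will only produce the "not a valid constant" failure at first use rather than a value. As far as I recall these macros first appear in OpenSSL 1.0.2 (aliasing the TLSv1/TLSv1.2 option bits), so the constant entries also need an `#ifdef SSL_OP_NO_DTLSv1` style guard for builds against older libraries. The trailing `+` blank line after `OP_NO_DTLSv1_2` is noise inside the `qw()` list and should be dropped.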
@@ -226,6 +230,14 @@
BIO_s_mem
BIO_wpending
BIO_write
+ BIO_new_dgram
+ BIO_ctrl_dgram_connect
+ BIO_ctrl_set_connected
+ BIO_dgram_recv_timedout
+ BIO_dgram_send_timedout
+ BIO_dgram_get_peer
+ BIO_dgram_set_peer
+ BIO_dgram_get_mtu_overhead
CTX_free
CTX_get_cert_store
CTX_new
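Review bot: `CTX_dtlsv1_new` and `CTX_dtlsv1_2_new` are not added to this export list although the other `CTX_*_new` constructors are exported (e.g. `CTX_v23_new` in the context of the next hunk) and `new_x_ctx` dispatches to them; callers wanting an explicit DTLS context will have to spell `Net::SSLeay::CTX_dtlsv1_new`. Add `CTX_dtlsv1_2_new` and `CTX_dtlsv1_new` in alphabetical position before `CTX_free`, and likewise export the new `DTLSv1_method`/`DTLSv1_2_method` accessors next to `DTLSv1_get_timeout`, since the XS patch defines them but nothing here makes them importable.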
@@ -234,6 +246,9 @@
CTX_v23_new
CTX_v2_new
CTX_v3_new
+ DTLSv1_get_timeout
+ DTLSv1_handle_timeout
+ DTLSv1_listen
ERR_error_string
ERR_get_error
ERR_load_RAND_strings
@@ -959,6 +974,20 @@
}
$ctx = CTX_tlsv1_2_new;
}
+ elsif ($ssl_version == 1010) {
+ unless (exists &Net::SSLeay::CTX_dtlsv1_new) {
+ warn "ssl_version has been set to 1010, but this version of OpenSSL has been compiled without DTLSv1 support";
+ return undef;
+ }
+ $ctx = CTX_dtlsv1_new;
+ }
+ elsif ($ssl_version == 1012) {
+ unless (exists &Net::SSLeay::CTX_dtlsv1_2_new) {
+ warn "ssl_version has been set to 1012, but this version of OpenSSL has been compiled without DTLSv1.2 support";
+ return undef;
+ }
+ $ctx = CTX_dtlsv1_2_new;
+ }
else { $ctx = CTX_new(); }
return $ctx;
}
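Review bot: The `exists &Net::SSLeay::CTX_dtlsv1_new` / `CTX_dtlsv1_2_new` checks only mean something if the XS side compiles those subs conditionally; the companion SSLeay.xs patch defines both unconditionally, so on an OpenSSL built without DTLS, or older than 1.0.2 for `DTLSv1_2_method`, the module fails to build instead of these `warn ... return undef` branches ever firing. Wrap the XS definitions in matching `#if` guards so the runtime check is meaningful. The `1010` branch also pins DTLS 1.0, which RFC 8996 deprecates together with TLS 1.0/1.1, so it deserves a comment such as `# DTLS 1.0 is deprecated (RFC 8996); prefer a negotiated DTLS_method()-based mode`, and a version-flexible DTLS mode (the DTLS analogue of the `v23` guess at 0, via `DTLS_method()`, available since OpenSSL 1.0.2) would be the better option to offer. The enclosing sub (presumably `new_x_ctx`) starts outside this hunk.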
Subject: | ssleay-xs-dtls.patch |
--- Net-SSLeay-1.81/SSLeay.xs 2017-03-03 23:25:15.000000000 -0500
+++ Net-SSLeay-1.81-dtls-patch/SSLeay.xs 2017-04-06 18:37:19.050240011 -0400
@@ -161,6 +161,7 @@
*/
#define BLOCK OPENSSL_BLOCK
#include <openssl/err.h>
+#include <openssl/bio.h>
#include <openssl/lhash.h>
#include <openssl/rand.h>
#include <openssl/buffer.h>
@@ -1607,6 +1608,23 @@
#endif
SSL_CTX *
+SSL_CTX_dtlsv1_new()
+ CODE:
+ RETVAL = SSL_CTX_new (DTLSv1_method());
+ OUTPUT:
+ RETVAL
+
+
+
+SSL_CTX *
+SSL_CTX_dtlsv1_2_new()
+ CODE:
+ RETVAL = SSL_CTX_new (DTLSv1_2_method());
+ OUTPUT:
+ RETVAL
+
+
+SSL_CTX *
SSL_CTX_new_with_method(meth)
SSL_METHOD * meth
CODE:
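Review bot: `SSL_CTX_dtlsv1_new` and `SSL_CTX_dtlsv1_2_new` are defined without any preprocessor guard, unlike the constructor immediately above them (the `#endif` on the first context line closes its guard), so a libssl built without DTLS, or a 1.0.1 libssl that has no `DTLSv1_2_method()`, fails at compile time, and the `exists &CTX_dtlsv1_new` checks the Perl patch adds can never take their fallback path. Guard each constructor as sketched below; the exact macro names differ between OpenSSL branches (`OPENSSL_NO_DTLS1` on 1.0.x, `OPENSSL_NO_DTLS1_METHOD`/`OPENSSL_NO_DTLS1_2_METHOD` on 1.1.x as far as I recall), so pick the spelling the supported range defines. Note too that `DTLSv1_method()` and `DTLSv1_2_method()` are deprecated in OpenSSL 1.1.0 in favour of the version-flexible `DTLS_method()`, which is worth a `DTLS_method()`-based constructor alongside these two.
```c
/* Mirror the guard the preceding (TLSv1.2) constructor sits under. */
#ifndef OPENSSL_NO_DTLS1
SSL_CTX *
SSL_CTX_dtlsv1_new()
    /* … unchanged: CODE/OUTPUT … */
#endif

/* DTLSv1_2_method() first appears in OpenSSL 1.0.2. */
#if !defined(OPENSSL_NO_DTLS1) && OPENSSL_VERSION_NUMBER >= 0x10002000L
SSL_CTX *
SSL_CTX_dtlsv1_2_new()
    /* … unchanged: CODE/OUTPUT … */
#endif
```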
@@ -4009,6 +4027,39 @@
#endif
+const SSL_METHOD *
+DTLSv1_method()
+
+const SSL_METHOD *
+DTLSv1_2_method()
+
+long
+DTLSv1_get_timeout(ssl,arg)
+ SSL *ssl
+ void *arg
+ CODE:
+ RETVAL = SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg);
+ OUTPUT:
+ RETVAL
+
+
+long
+DTLSv1_handle_timeout(ssl)
+ SSL *ssl
+ CODE:
+ RETVAL = SSL_ctrl(ssl,DTLS_CTRL_HANDLE_TIMEOUT,0, NULL);
+ OUTPUT:
+ RETVAL
+
+long
+DTLSv1_listen(ssl,peer)
+ SSL *ssl
+ void *peer
+ CODE:
+ RETVAL = SSL_ctrl(ssl,DTLS_CTRL_LISTEN,0, (void *)peer);
+ OUTPUT:
+ RETVAL
+
#if OPENSSL_VERSION_NUMBER < 0x10000000L
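Review bot: `DTLSv1_get_timeout(ssl, arg)` and `DTLSv1_listen(ssl, peer)` declare their output parameters as `void *`, so a Perl caller passes a bare integer that OpenSSL then writes through — a `struct timeval` for `DTLS_CTRL_GET_TIMEOUT`, the client's socket address for `DTLS_CTRL_LISTEN` — with no way for the XS layer to tell whether the address is a real, sufficiently large buffer; any Perl-side mistake is memory corruption rather than a Perl error. Let the XS own the buffer and return Perl values instead, `(sec, usec)` from get_timeout and a packed `sockaddr_storage` string from listen, as sketched below. `DTLSv1_listen` is also only safe on a server with cookie exchange enabled (`SSL_OP_COOKIE_EXCHANGE` plus generate/verify callbacks); I don't see cookie-callback bindings in this patch, and without them the listen path lets any spoofed source address drive handshake state and amplification, which is worth a comment on the wrapper at minimum. Finally, I believe OpenSSL 1.1.0 turned `DTLSv1_listen()` into a real function taking a `BIO_ADDR *` and dropped the `DTLS_CTRL_LISTEN` ctrl, so this wrapper needs a version split, and `DTLSv1_method`/`DTLSv1_2_method` need the same guards as the CTX constructors.
```c
/* … unchanged: DTLSv1_method, DTLSv1_2_method, DTLSv1_handle_timeout … */

void
DTLSv1_get_timeout(ssl)
     SSL *ssl
     PREINIT:
     struct timeval tv;
     PPCODE:
     /* OpenSSL fills a buffer the XS owns; Perl never supplies a pointer.
      * The ctrl returns 1 only when a retransmit timer is pending. */
     if (SSL_ctrl(ssl, DTLS_CTRL_GET_TIMEOUT, 0, &tv) == 1) {
         XPUSHs(sv_2mortal(newSViv((IV)tv.tv_sec)));
         XPUSHs(sv_2mortal(newSViv((IV)tv.tv_usec)));
     }

void
DTLSv1_listen(ssl)
     SSL *ssl
     PREINIT:
     struct sockaddr_storage peer;
     long rc;
     PPCODE:
     memset(&peer, 0, sizeof peer);
     /* 1.0.x ctrl API: on success OpenSSL has copied the client's address
      * into peer; hand it back as a packed string instead of a raw pointer. */
     rc = SSL_ctrl(ssl, DTLS_CTRL_LISTEN, 0, &peer);
     XPUSHs(sv_2mortal(newSViv((IV)rc)));
     if (rc > 0)
         XPUSHs(sv_2mortal(newSVpvn((const char *)&peer, sizeof peer)));
```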
@@ -4105,6 +4156,73 @@
BIO_ssl_shutdown(ssl_bio)
BIO * ssl_bio
+BIO *
+BIO_new_dgram(sock,flag)
+ int sock
+ int flag
+
+int
+BIO_ctrl_dgram_connect(b,peer)
+ BIO *b
+ void *peer
+ CODE:
+ RETVAL = (int)BIO_ctrl(b,BIO_CTRL_DGRAM_CONNECT, 0,(char *) peer);
+ OUTPUT:
+ RETVAL
+
+int
+BIO_ctrl_set_connected(b, state, peer)
+ BIO *b
+ int state
+ void *peer
+ CODE:
+ RETVAL = (int)BIO_ctrl(b,BIO_CTRL_DGRAM_SET_CONNECTED, state,(char *) peer);
+ OUTPUT:
+ RETVAL
+
+int
+BIO_dgram_recv_timedout(b)
+ BIO *b
+ CODE:
+ RETVAL = (int)BIO_ctrl(b,BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP, 0,NULL);
+ OUTPUT:
+ RETVAL
+
+int
+BIO_dgram_send_timedout(b)
+ BIO *b
+ CODE:
+ RETVAL = (int)BIO_ctrl(b,BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP, 0,NULL);
+ OUTPUT:
+ RETVAL
+
+
+int
+BIO_dgram_get_peer(b,peer)
+ BIO *b
+ void *peer
+ CODE:
+ RETVAL = (int)BIO_ctrl(b,BIO_CTRL_DGRAM_GET_PEER, 0,(char *) peer);
+ OUTPUT:
+ RETVAL
+
+int
+BIO_dgram_set_peer(b,peer)
+ BIO *b
+ void *peer
+ CODE:
+ RETVAL = (int)BIO_ctrl(b,BIO_CTRL_DGRAM_SET_PEER, 0,(char *) peer);
+ OUTPUT:
+ RETVAL
+
+unsigned int
+BIO_dgram_get_mtu_overhead(b)
+ BIO *b
+ CODE:
+ RETVAL = (unsigned int)BIO_ctrl(b,BIO_CTRL_DGRAM_GET_MTU_OVERHEAD, 0,NULL);
+ OUTPUT:
+ RETVAL
+
int
SSL_add_client_CA(ssl,x)
SSL * ssl
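Review bot: `BIO_ctrl_dgram_connect`, `BIO_ctrl_set_connected`, `BIO_dgram_set_peer` and `BIO_dgram_get_peer` all take `void *peer`, i.e. an integer from Perl reinterpreted as a `struct sockaddr *`; OpenSSL reads `sa_family` from it and then a family-sized struct, and `BIO_CTRL_DGRAM_GET_PEER` writes up to a `sockaddr_in6` into it, so an undersized or stale Perl-side buffer is an out-of-bounds read or write with no check in between. Take a packed-sockaddr scalar (`SV *`) and copy it into a zeroed, bounded `struct sockaddr_storage` before calling `BIO_ctrl`, and return the peer from `GET_PEER` as a packed string, as below; the `connect` and `set_connected` wrappers need the same treatment. `BIO_new_dgram(sock, flag)` also deserves a comment that `flag = BIO_CLOSE` makes the BIO `close()` a descriptor Perl's socket handle still owns (double close / fd reuse), so callers should normally pass `BIO_NOCLOSE`. If OpenSSL 1.1.0 is a target, I believe these dgram ctrls take a `BIO_ADDR *` there rather than a plain `struct sockaddr *`, which is another reason to marshal inside the XS instead of exporting the raw-pointer API.
```c
/* … unchanged: BIO_new_dgram, BIO_ctrl_dgram_connect, BIO_ctrl_set_connected,
 *   BIO_dgram_recv_timedout, BIO_dgram_send_timedout, BIO_dgram_get_mtu_overhead … */

void
BIO_dgram_get_peer(b)
     BIO *b
     PREINIT:
     struct sockaddr_storage peer;
     PPCODE:
     memset(&peer, 0, sizeof peer);
     /* OpenSSL writes up to a sockaddr_in6 here; the buffer is ours and big enough. */
     if (BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)&peer) > 0)
         XPUSHs(sv_2mortal(newSVpvn((const char *)&peer, sizeof peer)));

int
BIO_dgram_set_peer(b, peer)
     BIO *b
     SV *peer
     PREINIT:
     struct sockaddr_storage ss;
     const char *buf;
     STRLEN len;
     CODE:
     buf = SvPVbyte(peer, len);
     /* OpenSSL reads sa_family, then a family-sized struct: bound the copy and
      * zero-fill so a short or malformed scalar cannot cause an over-read. */
     if (len < sizeof(struct sockaddr) || len > sizeof ss)
         croak("BIO_dgram_set_peer: peer must be a packed sockaddr");
     memset(&ss, 0, sizeof ss);
     memcpy(&ss, buf, len);
     RETVAL = (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)&ss);
     OUTPUT:
     RETVAL
```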