chore: update ssl module

- update default protocol process
- add ctx:version()

src/ssl.c

@@ -69,7 +69,13 @@ static int openssl_ssl_ctx_new(lua_State*L)
   const char* ciphers;
   SSL_CTX* ctx;
 
-  if (0);
+  if (strcmp(meth, "SSLv23") == 0)
+    method = SSLv23_method();
+  else if (strcmp(meth, "SSLv23_server") == 0)
+    method = SSLv23_server_method();
+  else if (strcmp(meth, "SSLv23_client") == 0)
+    method = SSLv23_client_method();
+
 #if OPENSSL_VERSION_NUMBER > 0x10100000L
   else if (strcmp(meth, "TLS") == 0)
     method = TLS_method();
@@ -84,13 +90,7 @@ static int openssl_ssl_ctx_new(lua_State*L)
     method = DTLS_server_method();
   else if (strcmp(meth, "DTLS_client") == 0)
     method = DTLS_client_method();
-#else
-  else if (strcmp(meth, "SSLv23") == 0)
-    method = SSLv23_method();
-  else if (strcmp(meth, "SSLv23_server") == 0)
-    method = SSLv23_server_method();
-  else if (strcmp(meth, "SSLv23_client") == 0)
-    method = SSLv23_client_method();
+#endif
 
 #ifndef OPENSSL_NO_DTLS1_2_METHOD
   else if (strcmp(meth, "DTLSv1_2") == 0)
@@ -118,6 +118,7 @@ static int openssl_ssl_ctx_new(lua_State*L)
   else if (strcmp(meth, "TLSv1_2_client") == 0)
     method = TLSv1_2_client_method();
 #endif
+
 #ifndef OPENSSL_NO_TLS1_1_METHOD
   else if (strcmp(meth, "TLSv1_1") == 0)
     method = TLSv1_1_method();
@@ -126,6 +127,7 @@ static int openssl_ssl_ctx_new(lua_State*L)
   else if (strcmp(meth, "TLSv1_1_client") == 0)
     method = TLSv1_1_client_method();
 #endif
+
 #ifndef OPENSSL_NO_TLS1_METHOD
   else if (strcmp(meth, "TLSv1") == 0)
     method = TLSv1_method();
@@ -134,6 +136,7 @@ static int openssl_ssl_ctx_new(lua_State*L)
   else if (strcmp(meth, "TLSv1_client") == 0)
     method = TLSv1_client_method();
 #endif
+
 #ifndef OPENSSL_NO_SSL3_METHOD
   else if (strcmp(meth, "SSLv3") == 0)
     method = SSLv3_method();
@@ -142,7 +145,6 @@ static int openssl_ssl_ctx_new(lua_State*L)
   else if (strcmp(meth, "SSLv3_client") == 0)
     method = SSLv3_client_method();
 #endif
-#endif
 
 #ifdef LOAD_SSL_CUSTOM
   LOAD_SSL_CUSTOM
@@ -518,6 +520,52 @@ static int openssl_ssl_ctx_options(lua_State*L)
   return 1;
 }
 
+/***
+get min_proto_version and max_proto_version
+@function version
+@treturn[1] integer min_proto_version
+@treturn[2] integer man_proto_version
+*/
+
+/***
+set min_proto_version and max_proto_version
+@function options
+@tparam integer min
+@tparam integer max
+@treturn boolean result or fail
+*/
+#if OPENSSL_VERSION_NUMBER > 0x10100000L
+static int openssl_ssl_ctx_version(lua_State*L)
+{
+  SSL_CTX* ctx = CHECK_OBJECT(1, SSL_CTX, "openssl.ssl_ctx");
+  int ret;
+  int minv = SSL_CTX_get_min_proto_version(ctx);
+  int maxv = SSL_CTX_get_max_proto_version(ctx);
+
+  if (lua_isnone(L, 2))
+  {
+    lua_pushinteger(L, minv);
+    lua_pushinteger(L, maxv);
+    return 2;
+  }
+
+  minv = luaL_optinteger(L, 2, minv);
+  maxv = luaL_optinteger(L, 3, maxv);
+  luaL_argcheck(L, minv <= maxv, 3, "max version can't less than min");
+
+  ret = SSL_CTX_set_min_proto_version(ctx, minv);
+  if (ret == 1)
+    ret = SSL_CTX_set_min_proto_version(ctx, maxv);
+
+  if (ret==1)
+  {
+    lua_pushvalue(L, 1);
+    return 1;
+  }
+  return openssl_pushresult(L, ret);
+}
+#endif
+
 /***
 get quit_shutdown is set or not
 Normally when a SSL connection is finished, the parties must send out
@@ -1614,6 +1662,9 @@ static luaL_Reg ssl_ctx_funcs[] =
   {"mode",            openssl_ssl_ctx_mode},
   {"timeout",         openssl_ssl_ctx_timeout},
   {"options",         openssl_ssl_ctx_options},
+#if OPENSSL_VERSION_NUMBER > 0x10100000L
+  {"version",         openssl_ssl_ctx_version},
+#endif
 #if OPENSSL_VERSION_NUMBER > 0x1010100FL && !defined(LIBRESSL_VERSION_NUMBER)
   {"num_tickets",     openssl_ssl_ctx_num_tickets},
 #endif

test/8.ssl.lua

@@ -286,6 +286,9 @@ function TestSSL:testSNI()
       assert(ctx:use(pkey, cert))
       certs[#certs + 1] = cert
     end
+    if ctx.version then
+      ctx:version(0x303, 0x303)
+    end
     ctx:set_session_callback(
       function(s, ss)
         -- add