
Implement TLS1.3 support during IETF 102 Hackathon

Nigel Yong 7 лет назад
Родитель
Сommit
ef13794d05
2 измененных файлов с 52 добавлено и 8 удалено
  1. 26 4
      src/check_nrpe.c
  2. 26 4
      src/nrpe.c

+ 26 - 4
src/check_nrpe.c

@@ -87,7 +87,7 @@ int use_ssl = FALSE;
 /* SSL/TLS parameters */
 typedef enum _SSL_VER {
 	SSL_Ver_Invalid = 0, SSLv2 = 1, SSLv2_plus, SSLv3, SSLv3_plus,
-	TLSv1, TLSv1_plus, TLSv1_1, TLSv1_1_plus, TLSv1_2, TLSv1_2_plus
+	TLSv1, TLSv1_plus, TLSv1_1, TLSv1_1_plus, TLSv1_2, TLSv1_2_plus, TLSv1_3, TLSv1_3_plus
 } SslVer;
 
 typedef enum _CLNT_CERTS { Ask_For_Cert = 1, Require_Cert = 2 } ClntCerts;
@@ -432,7 +432,11 @@ int process_arguments(int argc, char **argv, int from_config_file)
 				break;
 			}
 
-			if (!strcmp(optarg, "TLSv1.2"))
+			if (!strcmp(optarg, "TLSv1.3"))
+				sslprm.ssl_proto_ver = TLSv1_3;
+			else if (!strcmp(optarg, "TLSv1.3+"))
+				sslprm.ssl_proto_ver = TLSv1_3_plus;
+			else if (!strcmp(optarg, "TLSv1.2"))
 				sslprm.ssl_proto_ver = TLSv1_2;
 			else if (!strcmp(optarg, "TLSv1.2+"))
 				sslprm.ssl_proto_ver = TLSv1_2_plus;
@@ -811,6 +815,12 @@ void setup_ssl()
 		case TLSv1_2_plus:
 			val = "TLSv1_2_plus And Above";
 			break;
+		case TLSv1_3:
+			val = "TLSv1_3";
+			break;
+		case TLSv1_3_plus:
+			val = "TLSv1_3_plus And Above";
+			break;
 		default:
 			val = "INVALID VALUE!";
 			break;
@@ -850,6 +860,10 @@ void setup_ssl()
 #  ifdef SSL_TXT_TLSV1_2
 		if (sslprm.ssl_proto_ver == TLSv1_2)
 			meth = TLSv1_2_client_method();
+#  ifdef SSL_TXT_TLSV1_3
+		if (sslprm.ssl_proto_ver == TLSv1_3)
+			meth = TLSv1_3_client_method();
+#  endif	/* ifdef SSL_TXT_TLSV1_3 */
 #  endif	/* ifdef SSL_TXT_TLSV1_2 */
 # endif	/* ifdef SSL_TXT_TLSV1_1 */
 
@@ -865,6 +879,11 @@ void setup_ssl()
 	SSL_CTX_set_max_proto_version(ctx, 0);
 
 	switch(sslprm.ssl_proto_ver) {
+		case TLSv1_3:
+			SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION);
+		case TLSv1_3_plus:
+			SSL_CTX_set_min_proto_version(ctx, TLS1_3_VERSION);
+			break;
 
 		case TLSv1_2:
 			SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION);
@@ -897,11 +916,14 @@ void setup_ssl()
 			case SSLv2:
 			case SSLv2_plus:
 				break;
+			case TLSv1_3:
+			case TLSv1_3_plus:
+#ifdef SSL_OP_NO_TLSv1_2
+				ssl_opts |= SSL_OP_NO_TLSv1_2;
+#endif
 			case TLSv1_2:
 			case TLSv1_2_plus:
-#ifdef SSL_OP_NO_TLSv1_1
 				ssl_opts |= SSL_OP_NO_TLSv1_1;
-#endif
 			case TLSv1_1:
 			case TLSv1_1_plus:
 				ssl_opts |= SSL_OP_NO_TLSv1;
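Review bot: The two new cases in the proto-version switch (`case TLSv1_3:` / `case TLSv1_3_plus:`) use `TLS1_3_VERSION` with no preprocessor guard, while the method selection a few lines earlier is guarded by `#ifdef SSL_TXT_TLSV1_3`; TLS1_3_VERSION first appears in OpenSSL 1.1.1, so if this switch is compiled against 1.1.0 (the enclosing `#if` is outside the hunk) the build breaks, and wrapping the two cases in `#ifdef TLS1_3_VERSION` … `#endif` keeps it consistent with the other guard. The fall-through from `case TLSv1_3:` into `case TLSv1_3_plus:` looks intentional (set max, then min), but it deserves a `/* fallthrough */` comment since the neighbouring cases end in `break`. In the ssl_opts switch the commit also drops the `#ifdef SSL_OP_NO_TLSv1_1` around `ssl_opts |= SSL_OP_NO_TLSv1_1;` while adding a guard for `SSL_OP_NO_TLSv1_2`; that is an inconsistent portability regression on older OpenSSL and the old guard should stay. I am not aware of a `TLSv1_3_client_method()` in OpenSSL's API (1.1.x exposes TLS 1.3 only through `TLS_client_method()` plus min/max proto version), so that branch is either dead or an undeclared-function error depending on the enclosing `#if`. The same points apply to the init_ssl hunks in src/nrpe.c.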

+ 26 - 4
src/nrpe.c

@@ -124,7 +124,7 @@ extern char *log_file;
 /* SSL/TLS parameters */
 typedef enum _SSL_VER {
 	SSLv2 = 1, SSLv2_plus, SSLv3, SSLv3_plus, TLSv1,
-	TLSv1_plus, TLSv1_1, TLSv1_1_plus, TLSv1_2, TLSv1_2_plus
+	TLSv1_plus, TLSv1_1, TLSv1_1_plus, TLSv1_2, TLSv1_2_plus, TLSv1_3, TLSv1_3_plus
 } SslVer;
 
 typedef enum _CLNT_CERTS {
@@ -329,6 +329,10 @@ void init_ssl(void)
 #  ifdef SSL_TXT_TLSV1_2
 	if (sslprm.ssl_proto_ver == TLSv1_2)
 		meth = TLSv1_2_server_method();
+#  ifdef SSL_TXT_TLSV1_3
+	if (sslprm.ssl_proto_ver == TLSv1_3)
+		meth = TLSv1_3_server_method();
+#  endif	/* ifdef SSL_TXT_TLSV1_3 */
 #  endif	/* ifdef SSL_TXT_TLSV1_2 */
 # endif		/* SSL_TXT_TLSV1_1 */
 
@@ -349,6 +353,11 @@ void init_ssl(void)
 	SSL_CTX_set_max_proto_version(ctx, 0);
 
 	switch(sslprm.ssl_proto_ver) {
+		case TLSv1_3:
+			SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION);
+		case TLSv1_3_plus:
+			SSL_CTX_set_min_proto_version(ctx, TLS1_3_VERSION);
+			break;
 
 		case TLSv1_2:
 			SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION);
@@ -381,11 +390,14 @@ void init_ssl(void)
 		case SSLv2:
 		case SSLv2_plus:
 			break;
+		case TLSv1_3:
+		case TLSv1_3_plus:
+#ifdef SSL_OP_NO_TLSv1_2
+			ssl_opts |= SSL_OP_NO_TLSv1_2;
+#endif
 		case TLSv1_2:
 		case TLSv1_2_plus:
-#ifdef SSL_OP_NO_TLSv1_1
 			ssl_opts |= SSL_OP_NO_TLSv1_1;
-#endif
 		case TLSv1_1:
 		case TLSv1_1_plus:
 			ssl_opts |= SSL_OP_NO_TLSv1;
@@ -517,6 +529,12 @@ void log_ssl_startup(void)
 	case TLSv1_2_plus:
 		vers = "TLSv1_2 And Above";
 		break;
+	case TLSv1_3:
+		vers = "TLSv1_3";
+		break;
+	case TLSv1_3_plus:
+		vers = "TLSv1_3 And Above";
+		break;
 	default:
 		vers = "INVALID VALUE!";
 		break;
@@ -926,7 +944,11 @@ int read_config_file(char *filename)
 			}
 
 		} else if (!strcmp(varname, "ssl_version")) {
-			if (!strcmp(varvalue, "TLSv1.2"))
+			if (!strcmp(varvalue, "TLSv1.3"))
+				sslprm.ssl_proto_ver = TLSv1_3;
+			else if (!strcmp(varvalue, "TLSv1.3+"))
+				sslprm.ssl_proto_ver = TLSv1_3_plus;
+			else if (!strcmp(varvalue, "TLSv1.2"))
 				sslprm.ssl_proto_ver = TLSv1_2;
 			else if (!strcmp(varvalue, "TLSv1.2+"))
 				sslprm.ssl_proto_ver = TLSv1_2_plus;
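Review bot: In read_config_file the new `"TLSv1.3"` / `"TLSv1.3+"` branches accept the setting unconditionally, but on a build whose OpenSSL lacks TLS 1.3 (`SSL_TXT_TLSV1_3` undefined) the matching method selection in init_ssl is compiled out, so `meth` presumably keeps whatever default is assigned before that hunk and the operator's requested floor quietly degrades to that default instead of being refused. A version floor that silently degrades is worse than a rejected config; I'd reject the value at parse time on such builds, e.g. by compiling these two branches (and the matching ones in process_arguments in src/check_nrpe.c) only under `#ifdef TLS1_3_VERSION` so the request falls into the chain's existing invalid-value handling. That handling and the rest of the else-chain lie outside this hunk.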