
Commit c37bf64

committed
SetTlsProtocolminToSSLContext(): take TlsProtocolMin, not String
1 parent 8ebc6a9 commit c37bf64


2 files changed

+5
-5
lines changed


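--- a/lib/base/tlsutility.cpp
+++ b/lib/base/tlsutility.cpp
@@ -296,7 +296,7 @@ Shared<TlsContext>::Ptr SetupSslContext(const String& certPath, const String& ke
 
 if (!protocolmin.IsEmpty()){
 try {
-SetTlsProtocolminToSSLContext(context, protocolmin);
+SetTlsProtocolminToSSLContext(context, ResolveTlsProtocolVersion(protocolmin));
 } catch (const std::exception&) {
 BOOST_THROW_EXCEPTION(ScriptError("Cannot set minimum TLS protocol version to SSL context with tls_protocolmin: '" + protocolmin + "'.", std::move(di)));
 }
@@ -311,10 +311,10 @@ Shared<TlsContext>::Ptr SetupSslContext(const String& certPath, const String& ke
 * @param context The ssl context.
 * @param tlsProtocolmin The minimum TLS protocol version.
 */
-void SetTlsProtocolminToSSLContext(const Shared<TlsContext>::Ptr& context, const String& tlsProtocolmin)
+void SetTlsProtocolminToSSLContext(const Shared<TlsContext>::Ptr& context, TlsProtocolMin tlsProtocolmin)
 {
 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
-int ret = SSL_CTX_set_min_proto_version(context->native_handle(), ResolveTlsProtocolVersion(tlsProtocolmin));
+int ret = SSL_CTX_set_min_proto_version(context->native_handle(), tlsProtocolmin);
 
 if (ret != 1) {
 char errbuf[256];
@@ -329,7 +329,7 @@ void SetTlsProtocolminToSSLContext(const Shared<TlsContext>::Ptr& context, const
 #else /* OPENSSL_VERSION_NUMBER >= 0x10100000L */
 // This should never happen. On this OpenSSL version, ResolveTlsProtocolVersion() should either return TLS 1.2
 // or throw an exception, as that's the only TLS version supported by both Icinga and ancient OpenSSL.
-VERIFY(ResolveTlsProtocolVersion(tlsProtocolmin) == TLS1_2_VERSION);
+VERIFY(tlsProtocolmin == TLS1_2_VERSION);
 #endif /* OPENSSL_VERSION_NUMBER >= 0x10100000L */
 }
 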
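Review bot: Nothing in `SetTlsProtocolminToSSLContext()` now checks the value it receives: in the OpenSSL >= 1.1.0 branch (new line 317) the argument goes straight to `SSL_CTX_set_min_proto_version()`, where 0 means "lowest version the library supports". `TlsProtocolMin` is not defined in the visible lines; if it is a plain integer alias, a caller that skips `ResolveTlsProtocolVersion()` would lower the TLS floor silently instead of getting an exception. Consider a guard at the top of the function such as `VERIFY(tlsProtocolmin >= TLS1_2_VERSION);` (assuming TLS 1.2 is the project's minimum, as the comment at new lines 330-331 suggests), and state the precondition in the doc comment, e.g. `@param tlsProtocolmin The minimum TLS protocol version, as returned by ResolveTlsProtocolVersion().`; the declaration in lib/base/tlsutility.hpp carries the same contract. The comment at new lines 330-331 still explains the invariant in terms of `ResolveTlsProtocolVersion()`, which this function no longer calls, so it should say that the caller is expected to have resolved the value. Part of the function body lies between the second and third hunk and is not visible here.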

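--- a/lib/base/tlsutility.hpp
+++ b/lib/base/tlsutility.hpp
@@ -49,7 +49,7 @@ String GetOpenSSLVersion();
 void AddCRLToSSLContext(const Shared<TlsContext>::Ptr& context, const String& crlPath);
 void AddCRLToSSLContext(X509_STORE *x509_store, const String& crlPath);
 void SetCipherListToSSLContext(const Shared<TlsContext>::Ptr& context, const String& cipherList);
-void SetTlsProtocolminToSSLContext(const Shared<TlsContext>::Ptr& context, const String& tlsProtocolmin);
+void SetTlsProtocolminToSSLContext(const Shared<TlsContext>::Ptr& context, TlsProtocolMin tlsProtocolmin);
 TlsProtocolMin ResolveTlsProtocolVersion(const std::string& version);
 
 Shared<TlsContext>::Ptr SetupSslContext(const String& certPath = String(), const String& keyPath = String(), const String& caPath = String(),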
