#include "ssl-settings.h"
#include "settings-parser.h"
+#ifdef LDAP_OPT_X_TLS
+
+static const struct {
+ const char *name;
+ int opt;
+} protocol_versions[] = {
+ { "ANY", LDAP_OPT_X_TLS_PROTOCOL_SSL3 },
+ { "TLSv1", LDAP_OPT_X_TLS_PROTOCOL_TLS1_0 },
+ { "TLSv1.1", LDAP_OPT_X_TLS_PROTOCOL_TLS1_1 },
+ { "TLSv1.2", LDAP_OPT_X_TLS_PROTOCOL_TLS1_2 },
+#ifndef LDAP_OPT_X_TLS_PROTOCOL_TLS1_3
+ { "LATEST", LDAP_OPT_X_TLS_PROTOCOL_TLS1_2 }
+#else
+ { "TLSv1.3", LDAP_OPT_X_TLS_PROTOCOL_TLS1_3 },
+ { "LATEST", LDAP_OPT_X_TLS_PROTOCOL_TLS1_3 }
+#endif
+};
+
+static int ldap_min_protocol_to_option(const char *min_protocol, int *opt_r)
+{
+ unsigned int i = 0;
+ for (; i < N_ELEMENTS(protocol_versions); i++) {
+ if (strcasecmp(protocol_versions[i].name, min_protocol) == 0) {
+ *opt_r = protocol_versions[i].opt;
+ return 0;
+ }
+ }
+ return -1;
+}
+
+#endif
+
int ldap_set_opt(LDAP *ld, int opt, const void *value,
const char *optname, const char *value_str,
const char **error_r)
ssl_set->ssl_cipher_list,
"ssl_cipher_list", error_r) < 0)
return -1;
- if (ldap_set_opt_str(ld, LDAP_OPT_X_TLS_PROTOCOL_MIN,
- ssl_set->ssl_min_protocol,
- "ssl_min_protocol", error_r) < 0)
- return -1;
if (ldap_set_opt_str(ld, LDAP_OPT_X_TLS_ECNAME,
ssl_set->ssl_curve_list,
"ssl_curve_list", error_r) < 0)
"ssl_client_require_valid_cert",
requires ? "yes" : "no", error_r) < 0)
return -1;
+
+ if (ldap_min_protocol_to_option(ssl_set->ssl_min_protocol, &opt) < 0) {
+ *error_r = t_strdup_printf(
+ "Can't set minimum protocol to '%s' "
+ "(ssl_min_protocol setting): Unknown value",
+ ssl_set->ssl_min_protocol);
+ return -1;
+ }
+ if (ldap_set_opt(ld, LDAP_OPT_X_TLS_PROTOCOL_MIN, &opt,
+ "ssl_min_protocol", ssl_set->ssl_min_protocol,
+ error_r) < 0)
+ return -1;
+
return 0;
}
#endif
projects / thirdparty / dovecot / core.git / commitdiff
