/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2008-2014 The OpenLDAP Foundation.
+ * Copyright 2008-2015 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
NSSInitContext *initctx = NULL;
PK11SlotInfo *certdb_slot = NULL;
#endif
+ SSLVersionRange range;
+ SSLProtocolVariant variant;
SECStatus rc;
int done = 0;
ctx->tc_using_pem = PR_TRUE;
}
+ /*
+ * Set the SSL version range. MozNSS SSL versions are the same as openldap's:
+ *
+ * SSL_LIBRARY_VERSION_TLS_1_* are equivalent to LDAP_OPT_X_TLS_PROTOCOL_TLS1_*
+ */
+ SSL_VersionRangeGetSupported(ssl_variant_stream, &range); /* this sets the max */
+ range.min = lt->lt_protocol_min ? lt->lt_protocol_min : range.min;
+ variant = ssl_variant_stream;
+ SSL_VersionRangeSetDefault(variant, &range);
+
NSS_SetDomesticPolicy();
PK11_SetPasswordFunc( tlsm_pin_prompt );
return 0;
}
-/* Yet again, we're pasting in glue that MozNSS ought to provide itself. */
+/*
+ * Yet again, we're pasting in glue that MozNSS ought to provide itself.
+ *
+ * SSL_LIBRARY_VERSION_TLS_1_* are equivalent to LDAP_OPT_X_TLS_PROTOCOL_TLS1_*
+ */
static struct {
const char *name;
int num;
{ "SSLv3", SSL_LIBRARY_VERSION_3_0 },
{ "TLSv1", SSL_LIBRARY_VERSION_TLS_1_0 },
{ "TLSv1.1", SSL_LIBRARY_VERSION_TLS_1_1 },
+ { "TLSv1.2", SSL_LIBRARY_VERSION_TLS_1_2 },
+ { "TLSv1.3", SSL_LIBRARY_VERSION_TLS_1_3 },
{ NULL, 0 }
};
projects / openldap / blobdiff