From dbf5e76047f40288afd3f27600afb8cb265cc4bf Mon Sep 17 00:00:00 2001
From: jvelilla
Date: Thu, 22 Jun 2017 10:23:56 -0300
Subject: [PATCH] Updated EWF network and httpd libraries. Updated features using ssl_2 and ssl_3 as obsolete and raise a developer exception.
---
 .../src/ssl/http_stream_secure_socket.e | 15 ++++++++++-
 .../client/src/ssl/web_socket_client.e | 4 ++-
 .../configuration/httpd_configuration_i.e | 25 +++++++++++++------
 .../server/httpd/ssl/httpd_configuration.e | 13 ++++++++++
 4 files changed, 47 insertions(+), 10 deletions(-)
diff --git a/library/network/http_network/src/ssl/http_stream_secure_socket.e b/library/network/http_network/src/ssl/http_stream_secure_socket.e
index c14aec4f..9ada51f8 100644
--- a/library/network/http_network/src/ssl/http_stream_secure_socket.e
+++ b/library/network/http_network/src/ssl/http_stream_secure_socket.e
@@ -54,7 +54,20 @@ feature -- Secure connection Helpers
 set_tls_protocol (v)
 end

- set_secure_protocol_to_tls_1_0
+ set_secure_protocol_to_ssl_2_or_3
+ -- Set `ssl_protocol' with `Ssl_23'.
+ -- Protocol not supported anymore.
+ obsolete
+ "Use set_secure_protocol_to_tls_1_2 [2017-11-30]."
+ local
+ err: DEVELOPER_EXCEPTION
+ do
+ create err
+ err.set_description ("SSL_2 or SSL_3 are not supported anymore, upgrate to TLS set_secure_protocol_to_tls_1_2")
+ err.raise
+ end
+
+ set_secure_protocol_to_tls_1_0
 -- Set `ssl_protocol' with `Tls_1_0'.
 do
 set_secure_protocol ({SSL_PROTOCOL}.Tls_1_0)
diff --git a/library/network/websocket/client/src/ssl/web_socket_client.e b/library/network/websocket/client/src/ssl/web_socket_client.e
index d0639a62..2ae681e2 100644
--- a/library/network/websocket/client/src/ssl/web_socket_client.e
+++ b/library/network/websocket/client/src/ssl/web_socket_client.e
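Review bot: The header comment on the new `set_secure_protocol_to_ssl_2_or_3` still says it sets the protocol to `Ssl_23`, but the body assigns nothing and always raises a DEVELOPER_EXCEPTION, so the documented contract contradicts the fail-closed behaviour. I would replace the first comment line with `-- Always raises DEVELOPER_EXCEPTION: SSLv2/SSLv3 are rejected, no protocol is set.` The exception description also misspells "upgrade" as `upgrate`, and that string is what an operator will read when the exception surfaces. The same comment and the same message appear in the httpd_configuration.e hunk at the end of this patch.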
@@ -26,7 +26,9 @@ feature -- Factory
 create l_secure.make_client_by_port (a_port, a_host)
 Result := l_secure
 if attached secure_protocol as l_prot then
- if l_prot.is_case_insensitive_equal ("tls_1_0") then
+ if l_prot.is_case_insensitive_equal ("ssl_2_3") then
+ l_secure.set_secure_protocol_to_ssl_2_or_3
+ elseif l_prot.is_case_insensitive_equal ("tls_1_0") then
 l_secure.set_secure_protocol_to_tls_1_0
 elseif l_prot.is_case_insensitive_equal ("tls_1_1") then
 l_secure.set_secure_protocol_to_tls_1_1
diff --git a/library/server/httpd/configuration/httpd_configuration_i.e b/library/server/httpd/configuration/httpd_configuration_i.e
index 61e702a9..403d8cfc 100644
--- a/library/server/httpd/configuration/httpd_configuration_i.e
+++ b/library/server/httpd/configuration/httpd_configuration_i.e
@@ -167,7 +167,7 @@ feature -- Element change
 end

 set_socket_timeout (a_nb_seconds: like socket_timeout)
- -- Set `socket_timeout' with `a_nb_seconds'
+ -- Set `socket_timeout' with `a_nb_seconds'.
 do
 socket_timeout := a_nb_seconds
 ensure
@@ -175,7 +175,7 @@ feature -- Element change
 end

 set_socket_recv_timeout (a_nb_seconds: like socket_recv_timeout)
- -- Set `socket_recv_timeout' with `a_nb_seconds'
+ -- Set `socket_recv_timeout' with `a_nb_seconds'.
 do
 socket_recv_timeout := a_nb_seconds
 ensure
@@ -183,7 +183,7 @@ feature -- Element change
 end

 set_keep_alive_timeout (a_seconds: like keep_alive_timeout)
- -- Set `keep_alive_timeout' with `a_seconds'
+ -- Set `keep_alive_timeout' with `a_seconds'.
 do
 keep_alive_timeout := a_seconds
 ensure
@@ -191,7 +191,7 @@ feature -- Element change
 end

 set_max_keep_alive_requests (nb: like max_keep_alive_requests)
- -- Set `max_keep_alive_requests' with `nb'
+ -- Set `max_keep_alive_requests' with `nb'.
 do
 max_keep_alive_requests := nb
 ensure
@@ -254,7 +254,7 @@ feature -- Element change
 end

 mark_secure
- -- Set is_secure in True
+ -- Set is_secure in True.
 do
 set_is_secure (True)
 ensure
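Review bot: In web_socket_client.e the new `"ssl_2_3"` branch calls `set_secure_protocol_to_ssl_2_or_3`, which per this patch always raises, so a client configured with that string now fails inside the factory after `l_secure` has been created and assigned to `Result`. Failing closed is the right outcome for a retired protocol, but nothing at the call site says it is deliberate, and library code that calls a feature marked obsolete will presumably trip the compiler's obsolete-call warning. A one-line comment above the call, such as `-- Rejected on purpose: the call below always raises DEVELOPER_EXCEPTION.`, would document the intent. The same applies to the `"ssl_2_3"` branch added to `set_secure_protocol_from_string` in httpd_configuration_i.e (the @@ -295 hunk); the rest of this if/elseif chain lies outside the hunk.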
@@ -287,7 +287,7 @@ feature -- Element change
 end

 set_secure_protocol (a_version: NATURAL)
- -- Set `secure_protocol' with `a_version'
+ -- Set `secure_protocol' with `a_version'.
 do
 secure_protocol := a_version
 ensure
@@ -295,9 +295,11 @@ feature -- Element change
 end

 set_secure_protocol_from_string (a_ssl_version: READABLE_STRING_GENERAL)
- -- Set `secure_protocol' with `a_ssl_version'
+ -- Set `secure_protocol' with `a_ssl_version'.
 do
- if a_ssl_version.is_case_insensitive_equal ("tls_1_0") then
+ if a_ssl_version.is_case_insensitive_equal ("ssl_2_3") then
+ set_secure_protocol_to_ssl_2_or_3
+ elseif a_ssl_version.is_case_insensitive_equal ("tls_1_0") then
 set_secure_protocol_to_tls_1_0
 elseif a_ssl_version.is_case_insensitive_equal ("tls_1_1") then
 set_secure_protocol_to_tls_1_1
@@ -312,6 +314,13 @@ feature -- Element change

 feature -- SSL Helpers

+ set_secure_protocol_to_ssl_2_or_3
+ -- Set `secure_protocol' with `Ssl_23'.
+ obsolete
+ "Use set_secure_protocol_to_tls_1_0 [2017-11-30]."
+ deferred
+ end
+
 set_secure_protocol_to_tls_1_0
 -- Set `secure_protocol' with `Tls_1_0'.
 deferred
diff --git a/library/server/httpd/ssl/httpd_configuration.e b/library/server/httpd/ssl/httpd_configuration.e
index e0901a1a..1e5dc7e3 100644
--- a/library/server/httpd/ssl/httpd_configuration.e
+++ b/library/server/httpd/ssl/httpd_configuration.e
@@ -35,6 +35,19 @@ feature -- Access

 feature -- SSL Helpers

+ set_secure_protocol_to_ssl_2_or_3
+ -- Set `ssl_protocol' with `Ssl_23'.
+ -- Protocol not supported anymore.
+ obsolete
+ "Use set_secure_protocol_to_tls_1_2 [2017-11-30]."
+ local
+ err: DEVELOPER_EXCEPTION
+ do
+ create err
+ err.set_description ("SSL_2 or SSL_3 are not supported anymore, upgrate to TLS set_secure_protocol_to_tls_1_2")
+ err.raise
+ end
+
 set_secure_protocol_to_tls_1_0
 -- Set `secure_protocol' with `Tls_1_0'.
 do
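Review bot: The obsolete message on the deferred `set_secure_protocol_to_ssl_2_or_3` in httpd_configuration_i.e (the @@ -312 hunk) points callers to `set_secure_protocol_to_tls_1_0`, while both effective versions in this patch say `set_secure_protocol_to_tls_1_2`. TLS 1.0 is itself a legacy protocol version, so the deferred declaration steers migrating callers towards the weaker choice. I would align it with the others: `"Use set_secure_protocol_to_tls_1_2 [2017-11-30]."`. The header comment there also still says the feature sets `Ssl_23`, which the effective version visible in httpd_configuration.e does not do.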