<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix"><a class="moz-txt-link-freetext" href="https://fedorahosted.org/389/ticket/47945">https://fedorahosted.org/389/ticket/47945</a><br>
<br>
<a class="moz-txt-link-freetext" href="https://fedorahosted.org/389/attachment/ticket/47945/0001-Ticket-47945-Add-SSL-TLS-version-info-to-the-access-.5.patch">https://fedorahosted.org/389/attachment/ticket/47945/0001-Ticket-47945-Add-SSL-TLS-version-info-to-the-access-.5.patch</a><br>
git patch file (master) -- applied the change in <a
title="Comment 11 for Ticket #47945"
href="https://fedorahosted.org/389/ticket/47945#comment:11">comment:11</a>
by Rich. Thank you!!<br>
<br>
Once approved, I'm going to attach the code
slapi_getSSLVersion_str to this bug...<br>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=1161807"><b>Bug 1161807</b></a>
-<span id="summary_alias_container"> <span
id="short_desc_nonedit_display">[RFE] API to convert SSL
version number to SSL version string</span></span><br>
<br>
--noriko<br>
<br>
<br>
On 11/10/2014 01:10 PM, 389 Project wrote:<br>
</div>
<blockquote
cite="mid:051.ab6c10e6c5b37521da1551cbbcfe8d28@fedorahosted.org"
type="cite">
<pre wrap="">#47945: Add SSL/TLS version info to the access log
-------------------------------------------------+-------------------------
        Reporter:  nhosoi                        |          Owner:  nhosoi
            Type:  defect                        |         Status:  accepted
        Priority:  major                         |      Milestone:  1.3.3 backlog
       Component:  Directory Server              |        Version:  1.3.0
      Resolution:                                |       Keywords:
      Blocked By:                                |       Blocking:
          Review:  review?                       |  Ticket origin:  Community
Red Hat Bugzilla:  [<a class="moz-txt-link-freetext" href="https://bugzilla.redhat.com/show_bug.cgi?id=1153737">https://bugzilla.redhat.com/show_bug.cgi?id=1153737</a> 1153737]
-------------------------------------------------+-------------------------
Comment (by rmeggins):
Thanks. Almost there
{{{
if ((vnum & SSL_LIBRARY_VERSION_3_0) == SSL_LIBRARY_VERSION_3_0) {
...
}}}
This will only work for TLSv1.x. I would like to see support for TLSv2.x
and later, something like this:
{{{
if (vnum >= SSL_LIBRARY_VERSION_3_0) {
    if (vnum == SSL_LIBRARY_VERSION_3_0) { /* SSL3 */
        if (buf && bufsize) {
            PR_snprintf(buf, bufsize, "SSL3");
        } else {
            vstr = slapi_ch_smprintf("SSL3");
        }
    } else { /* TLS v X.Y */
        const char *TLSFMT = "TLS%d.%d";
        int minor_offset = 0; /* e.g. 0x0401 -> TLS v 2.1, not 2.0 */
        if ((vnum & SSL_LIBRARY_VERSION_3_0) == SSL_LIBRARY_VERSION_3_0) {
            minor_offset = 1; /* e.g. 0x0301 -> TLS v 1.0, not 1.1 */
        }
        if (buf && bufsize) {
            PR_snprintf(buf, bufsize, TLSFMT, (vnum >> 8) - 2, (vnum & 0xff) - minor_offset);
        } else {
            vstr = slapi_ch_smprintf(TLSFMT, (vnum >> 8) - 2, (vnum & 0xff) - minor_offset);
        }
    }
} else { /* SSL2 or unknown */
    ...
}
}}}
That way, if vnum > SSL_LIBRARY_VERSION_3_0 (e.g. vnum == 0x0400 e.g. TLS
v2.0) our code will support it with no changes.
</pre>
</blockquote>
<br>
</body>
</html>