| 69 | fastlock g_ctxtlock("SSL CTX"); |
| 70 | |
| 71 | static int parseProtocolsConfig(const char *str) { |
| 72 | int i, count = 0; |
| 73 | int protocols = 0; |
| 74 | |
| 75 | if (!str) return REDIS_TLS_PROTO_DEFAULT; |
| 76 | sds *tokens = sdssplitlen(str, strlen(str), " ", 1, &count); |
| 77 | |
| 78 | if (!tokens) { |
| 79 | serverLog(LL_WARNING, "Invalid tls-protocols configuration string"); |
| 80 | return -1; |
| 81 | } |
| 82 | for (i = 0; i < count; i++) { |
| 83 | if (!strcasecmp(tokens[i], "tlsv1")) protocols |= REDIS_TLS_PROTO_TLSv1; |
| 84 | else if (!strcasecmp(tokens[i], "tlsv1.1")) protocols |= REDIS_TLS_PROTO_TLSv1_1; |
| 85 | else if (!strcasecmp(tokens[i], "tlsv1.2")) protocols |= REDIS_TLS_PROTO_TLSv1_2; |
| 86 | else if (!strcasecmp(tokens[i], "tlsv1.3")) { |
| 87 | #ifdef TLS1_3_VERSION |
| 88 | protocols |= REDIS_TLS_PROTO_TLSv1_3; |
| 89 | #else |
| 90 | serverLog(LL_WARNING, "TLSv1.3 is specified in tls-protocols but not supported by OpenSSL."); |
| 91 | protocols = -1; |
| 92 | break; |
| 93 | #endif |
| 94 | } else { |
| 95 | serverLog(LL_WARNING, "Invalid tls-protocols specified. " |
| 96 | "Use a combination of 'TLSv1', 'TLSv1.1', 'TLSv1.2' and 'TLSv1.3'."); |
| 97 | protocols = -1; |
| 98 | break; |
| 99 | } |
| 100 | } |
| 101 | sdsfreesplitres(tokens, count); |
| 102 | |
| 103 | return protocols; |
| 104 | } |
| 105 | |
| 106 | /* list of connections with pending data already read from the socket, but not |
| 107 | * served to the reader yet. */ |
no test coverage detected