OpenSSL deprecated SSLv23_method so use TLS_method
For OpenSSL version 1.1.0 and higher the SSLv23_method() is deprecated
and one should use TLS_method() e.g. not TLSv1*_method as we did before.
Marco van Wieringen committed Oct 19, 2015
1 parent f12eecb commit 4e29178
Showing 1 changed file with 23 additions and 4 deletions.
27 changes: 23 additions & 4 deletions src/lib/tls.c
Expand Up @@ -105,15 +105,34 @@ TLS_CONTEXT *new_tls_context(const char *ca_certfile, const char *ca_certdir,

ctx = (TLS_CONTEXT *)malloc(sizeof(TLS_CONTEXT));

/* Allocate our OpenSSL TLSv1 Context */
ctx->openssl = SSL_CTX_new(TLSv1_method());

/*
* Allocate our OpenSSL TLSv1 Context
*/
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
ctx->openssl = SSL_CTX_new(TLS_method());
#else
ctx->openssl = SSL_CTX_new(SSLv23_method());
#endif
if (!ctx->openssl) {
openssl_post_errors(M_FATAL, _("Error initializing SSL context"));
goto err;
}

/* Set up pem encryption callback */
/*
* Enable all Bug Workarounds
*/
SSL_CTX_set_options(ctx->openssl, SSL_OP_ALL);

#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
/*
* Disallow broken sslv2 and sslv3.
*/
SSL_CTX_set_options(ctx->openssl, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
#endif

/*
* Set up pem encryption callback
*/
if (pem_callback) {
ctx->pem_callback = pem_callback;
ctx->pem_userdata = pem_userdata;
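
Review bot: The `SSL_CTX_set_options(ctx->openssl, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);` call is wrapped in `#if (OPENSSL_VERSION_NUMBER < 0x10100000L)`, so on the `TLS_method()` path nothing in this function sets a protocol floor and the lowest version offered is whatever the linked library was built to allow. Either drop the guard so `SSL_OP_NO_SSLv3` is applied on both paths, or add `SSL_CTX_set_min_proto_version(ctx->openssl, TLS1_VERSION);` inside the `>= 0x10100000L` branch so the minimum is stated in the code. Two smaller points: the comment above the allocation still reads "Allocate our OpenSSL TLSv1 Context" although both branches now use a version-flexible method, and the new `SSL_CTX_set_options(ctx->openssl, SSL_OP_ALL);` call, like the switch from `TLSv1_method()` to `SSLv23_method()` on older libraries, is a behaviour change that the commit message does not mention.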