
Prefer TLS_client_method() over SSLv23_client_method()

Bryan Drewery 6 년 전
부모
커밋
2f5684e2b9
3개의 변경된 파일5개의 추가작업 그리고 3개의 파일을 삭제
  1. 1 0
      doc/UPDATES.md
  2. 0 3
      src/libssl.cc
  3. 4 0
      src/openssl.cc

+ 1 - 0
doc/UPDATES.md

@@ -9,6 +9,7 @@
   * Fix -Wwritable-strings warnings
   * Fix dirname(3) support on FreeBSD (#89).
   * Fix OpenSSL 1.1 forward compat.
+  * SSL: Prefer TLS_client_method() over SSLv23_client_method().
 
 # 1.4.9
   * Fix various compile warnings and spam

+ 0 - 3
src/libssl.cc

@@ -61,10 +61,7 @@ static int load_symbols(void *handle) {
   /* Some forward-compat is handled in src/compat/openssl.cc. */
 #endif
 #if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
-  /* For SSLv23_client_method */
   DLSYM_GLOBAL(handle, TLS_client_method);
-  /* For SSLv23_method */
-  DLSYM_GLOBAL(handle, TLS_method);
   DLSYM_GLOBAL(handle, SSL_CTX_set_options);
 #else
   DLSYM_GLOBAL_FWDCOMPAT(handle, SSLv23_client_method);

+ 4 - 0
src/openssl.cc

@@ -78,7 +78,11 @@ int init_openssl() {
   /* good place to init ssl stuff */
   SSL_load_error_strings();
   OpenSSL_add_ssl_algorithms();
+#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x10100000L
+  ssl_ctx = SSL_CTX_new(TLS_client_method());
+#else
   ssl_ctx = SSL_CTX_new(SSLv23_client_method());
+#endif
   if (!ssl_ctx) {
     sdprintf("SSL_CTX_new() failed");
     return 1;
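Review bot: The version guard added in init_openssl() looks inverted: it picks `TLS_client_method()` when `OPENSSL_VERSION_NUMBER < 0x10100000L`, but that function only exists from OpenSSL 1.1.0 onward, and src/libssl.cc in this same commit loads the symbol under `>= 0x10100000L`. As written, pre-1.1 builds would reference a symbol that is never loaded, while 1.1+ builds keep the legacy `SSLv23_client_method()` name; the guard should read `#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L`. Separately, both methods negotiate any protocol version the library supports, so unless code after this hunk already restricts it (init_openssl() continues outside the hunk), a floor should be set on the new context, for example `SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);`. A short comment on the `#if` saying which branch serves which library version would help keep the two files in step.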