| 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859 |
- From 01fafc449f0de56743d08e7976933c49e2915bfa Mon Sep 17 00:00:00 2001
- From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
- Date: Wed, 15 Nov 2017 12:46:25 +0000
- Subject: [PATCH] tls: compile with OpenSSL 1.1.0
- The init functions are not longer required in OpenSSL 1.1 so I dropped
- them.
- TLSv1_client_method() should not be used because it enables only the
- TLSv1.0 protocol. Better is to use SSLv23_client_method() which enable
- all the protocols including TLSv1.2. With this functions SSLv2 and SSLv3
- is theoretically possible but as of today those protocols are usually
- build-time disabled.
- To avoid all this OpenSSL 1.1 provides TLS_client_method() which is aim
- to provide to highest TLS protocol version (same as
- SSLv23_client_method() but it is deprecated in 1.1).
- Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
- Signed-off-by: Patrick Havelange <patrick.havelange@essensium.com>
- ---
- src/tls.c | 12 ++++++++----
- 1 file changed, 8 insertions(+), 4 deletions(-)
- diff --git a/src/tls.c b/src/tls.c
- index 4562c7327077..e0e5c1a5f079 100644
- --- a/src/tls.c
- +++ b/src/tls.c
- @@ -24,6 +24,7 @@
- #endif
-
- #include <shout/shout.h>
- +#include <string.h>
- #include "shout_private.h"
-
- #ifndef XXX_HAVE_X509_check_host
- @@ -61,14 +62,17 @@ shout_tls_t *shout_tls_new(shout_t *self, sock_t socket)
-
- static inline int tls_setup(shout_tls_t *tls)
- {
- - SSL_METHOD *meth;
- -
- + const SSL_METHOD *meth;
- +#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
- SSL_library_init();
- SSL_load_error_strings();
- SSLeay_add_all_algorithms();
- - SSLeay_add_ssl_algorithms();
- + SSLeay_add_ssl_algorithms();
-
- - meth = TLSv1_client_method();
- + meth = SSLv23_client_method();
- +#else
- + meth = TLS_client_method();
- +#endif
- if (!meth)
- goto error;
-
- --
- 2.15.0
|
