| From 01fafc449f0de56743d08e7976933c49e2915bfa Mon Sep 17 00:00:00 2001 |
| From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> |
| Date: Wed, 15 Nov 2017 12:46:25 +0000 |
| Subject: [PATCH] tls: compile with OpenSSL 1.1.0 |
| |
| The init functions are not longer required in OpenSSL 1.1 so I dropped |
| them. |
| |
| TLSv1_client_method() should not be used because it enables only the |
| TLSv1.0 protocol. Better is to use SSLv23_client_method() which enable |
| all the protocols including TLSv1.2. With this functions SSLv2 and SSLv3 |
| is theoretically possible but as of today those protocols are usually |
| build-time disabled. |
| To avoid all this OpenSSL 1.1 provides TLS_client_method() which is aim |
| to provide to highest TLS protocol version (same as |
| SSLv23_client_method() but it is deprecated in 1.1). |
| |
| Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> |
| --- |
| src/tls.c | 12 ++++++++---- |
| 1 file changed, 8 insertions(+), 4 deletions(-) |
| |
| diff --git a/src/tls.c b/src/tls.c |
| index 4562c7327077..e0e5c1a5f079 100644 |
| --- a/src/tls.c |
| +++ b/src/tls.c |
| @@ -88,14 +88,13 @@ static inline int tls_setup(shout_tls_t *tls) |
| { |
| long ssl_opts = 0; |
| |
| -#if OPENSSL_VERSION_NUMBER < 0x10100000L |
| +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) |
| SSL_library_init(); |
| SSL_load_error_strings(); |
| SSLeay_add_all_algorithms(); |
| SSLeay_add_ssl_algorithms(); |
| |
| - tls->ssl_ctx = SSL_CTX_new(TLSv1_client_method()); |
| - ssl_opts |= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3; // Disable SSLv2 and SSLv3 |
| + tls->ssl_ctx = SSL_CTX_new(SSLv23_client_method()); |
| #else |
| tls->ssl_ctx = SSL_CTX_new(TLS_client_method()); |
| SSL_CTX_set_min_proto_version(tls->ssl_ctx, TLS1_VERSION); |
| -- |
| 2.15.0 |
