Lines 174-184
|
174 |
{ |
174 |
{ |
175 |
SSL_METHOD const *meth; |
175 |
SSL_METHOD const *meth; |
176 |
long ssl_options = 0; |
176 |
long ssl_options = 0; |
|
|
177 |
#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L) |
178 |
int ssl_proto_version = 0; |
179 |
#endif |
177 |
|
180 |
|
178 |
#if OPENSSL_VERSION_NUMBER >= 0x00907000 |
181 |
#if OPENSSL_VERSION_NUMBER >= 0x00907000 |
179 |
if (ssl_true_initialized == 0) |
182 |
if (ssl_true_initialized == 0) |
180 |
{ |
183 |
{ |
|
|
184 |
#if OPENSSL_API_COMPAT < 0x10100000L |
181 |
OPENSSL_config (NULL); |
185 |
OPENSSL_config (NULL); |
|
|
186 |
#endif |
182 |
ssl_true_initialized = 1; |
187 |
ssl_true_initialized = 1; |
183 |
} |
188 |
} |
184 |
#endif |
189 |
#endif |
Lines 202-209
|
202 |
CONF_modules_load_file(NULL, NULL, |
207 |
CONF_modules_load_file(NULL, NULL, |
203 |
CONF_MFLAGS_DEFAULT_SECTION|CONF_MFLAGS_IGNORE_MISSING_FILE); |
208 |
CONF_MFLAGS_DEFAULT_SECTION|CONF_MFLAGS_IGNORE_MISSING_FILE); |
204 |
#endif |
209 |
#endif |
|
|
210 |
#if OPENSSL_API_COMPAT >= 0x10100000L |
211 |
OPENSSL_init_ssl(0, NULL); |
212 |
#else |
205 |
SSL_library_init (); |
213 |
SSL_library_init (); |
206 |
SSL_load_error_strings (); |
214 |
SSL_load_error_strings (); |
|
|
215 |
#endif |
207 |
#if OPENSSL_VERSION_NUMBER < 0x10100000L |
216 |
#if OPENSSL_VERSION_NUMBER < 0x10100000L |
208 |
SSLeay_add_all_algorithms (); |
217 |
SSLeay_add_all_algorithms (); |
209 |
SSLeay_add_ssl_algorithms (); |
218 |
SSLeay_add_ssl_algorithms (); |
Lines 229-244
|
229 |
ssl_options |= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3; |
238 |
ssl_options |= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3; |
230 |
break; |
239 |
break; |
231 |
case secure_protocol_tlsv1: |
240 |
case secure_protocol_tlsv1: |
|
|
241 |
#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L) |
242 |
meth = TLS_client_method(); |
243 |
ssl_proto_version = TLS1_VERSION; |
244 |
#else |
232 |
meth = TLSv1_client_method (); |
245 |
meth = TLSv1_client_method (); |
|
|
246 |
#endif |
233 |
break; |
247 |
break; |
234 |
|
248 |
|
235 |
#if OPENSSL_VERSION_NUMBER >= 0x10001000 |
249 |
#if OPENSSL_VERSION_NUMBER >= 0x10001000 |
236 |
case secure_protocol_tlsv1_1: |
250 |
case secure_protocol_tlsv1_1: |
|
|
251 |
#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L) |
252 |
meth = TLS_client_method(); |
253 |
ssl_proto_version = TLS1_1_VERSION; |
254 |
#else |
237 |
meth = TLSv1_1_client_method (); |
255 |
meth = TLSv1_1_client_method (); |
|
|
256 |
#endif |
238 |
break; |
257 |
break; |
239 |
|
258 |
|
240 |
case secure_protocol_tlsv1_2: |
259 |
case secure_protocol_tlsv1_2: |
|
|
260 |
#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L) |
261 |
meth = TLS_client_method(); |
262 |
ssl_proto_version = TLS1_2_VERSION; |
263 |
#else |
241 |
meth = TLSv1_2_client_method (); |
264 |
meth = TLSv1_2_client_method (); |
|
|
265 |
#endif |
242 |
break; |
266 |
break; |
243 |
#else |
267 |
#else |
244 |
case secure_protocol_tlsv1_1: |
268 |
case secure_protocol_tlsv1_1: |
Lines 262-270
|
262 |
if (!ssl_ctx) |
286 |
if (!ssl_ctx) |
263 |
goto error; |
287 |
goto error; |
264 |
|
288 |
|
|
|
289 |
#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L) |
265 |
if (ssl_options) |
290 |
if (ssl_options) |
266 |
SSL_CTX_set_options (ssl_ctx, ssl_options); |
291 |
SSL_CTX_set_options (ssl_ctx, ssl_options); |
|
|
292 |
#endif |
267 |
|
293 |
|
|
|
294 |
if (ssl_proto_version) |
295 |
SSL_CTX_set_min_proto_version(ssl_ctx, ssl_proto_version); |
296 |
|
268 |
/* OpenSSL ciphers: https://www.openssl.org/docs/apps/ciphers.html |
297 |
/* OpenSSL ciphers: https://www.openssl.org/docs/apps/ciphers.html |
269 |
* Since we want a good protection, we also use HIGH (that excludes MD4 ciphers and some more) |
298 |
* Since we want a good protection, we also use HIGH (that excludes MD4 ciphers and some more) |
270 |
*/ |
299 |
*/ |
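Review bot: In the Lines 262-270 hunk the new `#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L)` guard encloses the existing `SSL_CTX_set_options (ssl_ctx, ssl_options)` call, so on LibreSSL and on OpenSSL older than 1.1.0 the `SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3` bits collected earlier would never reach the context. The added `if (ssl_proto_version)` block sits outside that guard, although `ssl_proto_version` is declared only under the same condition in the Lines 174-184 hunk, so those builds would not compile as shown. The guard looks misplaced: keep the `ssl_options` call unconditional and wrap the version call instead, checking its result, e.g. `if (ssl_proto_version && !SSL_CTX_set_min_proto_version (ssl_ctx, ssl_proto_version)) goto error;`. Setting only a minimum also turns `secure_protocol_tlsv1`, `secure_protocol_tlsv1_1` and `secure_protocol_tlsv1_2` from a pinned version into a floor on OpenSSL 1.1.0+; if pinning is still intended, `SSL_CTX_set_max_proto_version` would be needed as well. The enclosing function begins and ends outside the visible hunks.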