Attachment #498698 for bug #604490

Lines 174-184 Link Here

(-)wget-1.19.1-orig/src/openssl.c (+29 lines)
174	{	174	{
175	SSL_METHOD const *meth;	175	SSL_METHOD const *meth;
176	long ssl_options = 0;	176	long ssl_options = 0;
		177	#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L)
		178	int ssl_proto_version = 0;
		179	#endif
177		180
178	#if OPENSSL_VERSION_NUMBER >= 0x00907000	181	#if OPENSSL_VERSION_NUMBER >= 0x00907000
179	if (ssl_true_initialized == 0)	182	if (ssl_true_initialized == 0)
180	{	183	{
		184	#if OPENSSL_API_COMPAT < 0x10100000L
181	OPENSSL_config (NULL);	185	OPENSSL_config (NULL);
		186	#endif
182	ssl_true_initialized = 1;	187	ssl_true_initialized = 1;
183	}	188	}
184	#endif	189	#endif
Lines 202-209 Link Here
202	CONF_modules_load_file(NULL, NULL,	207	CONF_modules_load_file(NULL, NULL,
203	CONF_MFLAGS_DEFAULT_SECTION\|CONF_MFLAGS_IGNORE_MISSING_FILE);	208	CONF_MFLAGS_DEFAULT_SECTION\|CONF_MFLAGS_IGNORE_MISSING_FILE);
204	#endif	209	#endif
		210	#if OPENSSL_API_COMPAT >= 0x10100000L
		211	OPENSSL_init_ssl(0, NULL);
		212	#else
205	SSL_library_init ();	213	SSL_library_init ();
206	SSL_load_error_strings ();	214	SSL_load_error_strings ();
		215	#endif
207	#if OPENSSL_VERSION_NUMBER < 0x10100000L	216	#if OPENSSL_VERSION_NUMBER < 0x10100000L
208	SSLeay_add_all_algorithms ();	217	SSLeay_add_all_algorithms ();
209	SSLeay_add_ssl_algorithms ();	218	SSLeay_add_ssl_algorithms ();
Lines 229-244 Link Here
229	ssl_options \|= SSL_OP_NO_SSLv2 \| SSL_OP_NO_SSLv3;	238	ssl_options \|= SSL_OP_NO_SSLv2 \| SSL_OP_NO_SSLv3;
230	break;	239	break;
231	case secure_protocol_tlsv1:	240	case secure_protocol_tlsv1:
		241	#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L)
		242	meth = TLS_client_method();
		243	ssl_proto_version = TLS1_VERSION;
		244	#else
232	meth = TLSv1_client_method ();	245	meth = TLSv1_client_method ();
		246	#endif
233	break;	247	break;
234		248
235	#if OPENSSL_VERSION_NUMBER >= 0x10001000	249	#if OPENSSL_VERSION_NUMBER >= 0x10001000
236	case secure_protocol_tlsv1_1:	250	case secure_protocol_tlsv1_1:
		251	#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L)
		252	meth = TLS_client_method();
		253	ssl_proto_version = TLS1_1_VERSION;
		254	#else
237	meth = TLSv1_1_client_method ();	255	meth = TLSv1_1_client_method ();
		256	#endif
238	break;	257	break;
239		258
240	case secure_protocol_tlsv1_2:	259	case secure_protocol_tlsv1_2:
		260	#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L)
		261	meth = TLS_client_method();
		262	ssl_proto_version = TLS1_2_VERSION;
		263	#else
241	meth = TLSv1_2_client_method ();	264	meth = TLSv1_2_client_method ();
		265	#endif
242	break;	266	break;
243	#else	267	#else
244	case secure_protocol_tlsv1_1:	268	case secure_protocol_tlsv1_1:
Lines 262-270 Link Here
262	if (!ssl_ctx)	286	if (!ssl_ctx)
263	goto error;	287	goto error;
264		288
		289	#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L)
265	if (ssl_options)	290	if (ssl_options)
266	SSL_CTX_set_options (ssl_ctx, ssl_options);	291	SSL_CTX_set_options (ssl_ctx, ssl_options);
		292	#endif
267		293
		294	if (ssl_proto_version)
		295	SSL_CTX_set_min_proto_version(ssl_ctx, ssl_proto_version);
		296
268	/* OpenSSL ciphers: https://www.openssl.org/docs/apps/ciphers.html	297	/* OpenSSL ciphers: https://www.openssl.org/docs/apps/ciphers.html
269	* Since we want a good protection, we also use HIGH (that excludes MD4 ciphers and some more)	298	* Since we want a good protection, we also use HIGH (that excludes MD4 ciphers and some more)
270	*/	299	*/

Return to bug 604490