Attachment #522490 for bug #649714

View | Details | Raw Unified | Return to bug 649714
Collapse All | Expand All




void
SecureSocket::initContext(bool server)
{
#if OPENSSL_VERSION_NUMBER < 0x10100000L
    SSL_library_init();

    const SSL_METHOD* method;


    // load all error messages
    SSL_load_error_strings();
#else
    OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS |
                     OPENSSL_INIT_ADD_ALL_CIPHERS |
                     OPENSSL_INIT_ADD_ALL_DIGESTS, NULL);

    const SSL_METHOD* method;
#endif

    if (CLOG->getFilter() >= kINFO) {
        showSecureLibInfo();
    }

#if OPENSSL_VERSION_NUMBER < 0x10100000L
    // SSLv23_method uses TLSv1, with the ability to fall back to SSLv3
    if (server) {
        method = SSLv23_server_method();

    else {
        method = SSLv23_client_method();
    }
#else
    if (server) {
        method = TLS_server_method();
    }
    else {
        method = TLS_client_method();
    }
#endif
    
    // create new context from method
    SSL_METHOD* m = const_cast<SSL_METHOD*>(method);
    m_ssl->m_context = SSL_CTX_new(m);

    // drop SSLv3 support
#if OPENSL_VERSION_NUMBER < 0x10100000L
    SSL_CTX_set_options(m_ssl->m_context, SSL_OP_NO_SSLv3);
#else
    SSL_CTX_set_min_proto_version(m_ssl->m_context, TLS1_VERSION);
#endif

    if (m_ssl->m_context == NULL) {
        showError();

void
SecureSocket::showSecureLibInfo()
{
#if OPENSSL_VERSION_NUMBER < 0x10100000L
    LOG((CLOG_INFO "%s",SSLeay_version(SSLEAY_VERSION)));
    LOG((CLOG_DEBUG1 "openSSL : %s",SSLeay_version(SSLEAY_CFLAGS)));
    LOG((CLOG_DEBUG1 "openSSL : %s",SSLeay_version(SSLEAY_BUILT_ON)));
    LOG((CLOG_DEBUG1 "openSSL : %s",SSLeay_version(SSLEAY_PLATFORM)));
    LOG((CLOG_DEBUG1 "%s",SSLeay_version(SSLEAY_DIR)));
#else
    LOG((CLOG_INFO "%s",OpenSSL_version(OPENSSL_VERSION)));
    LOG((CLOG_DEBUG1 "openSSL : %s",OpenSSL_version(OPENSSL_CFLAGS)));
    LOG((CLOG_DEBUG1 "openSSL : %s",OpenSSL_version(OPENSSL_BUILT_ON)));
    LOG((CLOG_DEBUG1 "openSSL : %s",OpenSSL_version(OPENSSL_PLATFORM)));
    LOG((CLOG_DEBUG1 "%s",OpenSSL_version(OPENSSL_DIR)));
#endif
    return;
}


Return to bug 649714

Lines 363-368 SecureSocket::loadCertificates(String& filename) Link Here

(-)a/src/lib/net/SecureSocket.cpp (+29 lines)
363	void	363	void
364	SecureSocket::initContext(bool server)	364	SecureSocket::initContext(bool server)
365	{	365	{
		366	#if OPENSSL_VERSION_NUMBER < 0x10100000L
366	SSL_library_init();	367	SSL_library_init();
367		368
368	const SSL_METHOD* method;	369	const SSL_METHOD* method;
Lines 372-382 SecureSocket::initContext(bool server) Link Here
372		373
373	// load all error messages	374	// load all error messages
374	SSL_load_error_strings();	375	SSL_load_error_strings();
		376	#else
		377	OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS \|
		378	OPENSSL_INIT_ADD_ALL_CIPHERS \|
		379	OPENSSL_INIT_ADD_ALL_DIGESTS, NULL);
		380
		381	const SSL_METHOD* method;
		382	#endif
375		383
376	if (CLOG->getFilter() >= kINFO) {	384	if (CLOG->getFilter() >= kINFO) {
377	showSecureLibInfo();	385	showSecureLibInfo();
378	}	386	}
379		387
		388	#if OPENSSL_VERSION_NUMBER < 0x10100000L
380	// SSLv23_method uses TLSv1, with the ability to fall back to SSLv3	389	// SSLv23_method uses TLSv1, with the ability to fall back to SSLv3
381	if (server) {	390	if (server) {
382	method = SSLv23_server_method();	391	method = SSLv23_server_method();
Lines 384-396 SecureSocket::initContext(bool server) Link Here
384	else {	393	else {
385	method = SSLv23_client_method();	394	method = SSLv23_client_method();
386	}	395	}
		396	#else
		397	if (server) {
		398	method = TLS_server_method();
		399	}
		400	else {
		401	method = TLS_client_method();
		402	}
		403	#endif
387		404
388	// create new context from method	405	// create new context from method
389	SSL_METHOD* m = const_cast<SSL_METHOD*>(method);	406	SSL_METHOD* m = const_cast<SSL_METHOD*>(method);
390	m_ssl->m_context = SSL_CTX_new(m);	407	m_ssl->m_context = SSL_CTX_new(m);
391		408
392	// drop SSLv3 support	409	// drop SSLv3 support
		410	#if OPENSL_VERSION_NUMBER < 0x10100000L
393	SSL_CTX_set_options(m_ssl->m_context, SSL_OP_NO_SSLv3);	411	SSL_CTX_set_options(m_ssl->m_context, SSL_OP_NO_SSLv3);
		412	#else
		413	SSL_CTX_set_min_proto_version(m_ssl->m_context, TLS1_VERSION);
		414	#endif
394		415
395	if (m_ssl->m_context == NULL) {	416	if (m_ssl->m_context == NULL) {
396	showError();	417	showError();
Lines 828-838 SecureSocket::showSecureCipherInfo() Link Here
828	void	849	void
829	SecureSocket::showSecureLibInfo()	850	SecureSocket::showSecureLibInfo()
830	{	851	{
		852	#if OPENSSL_VERSION_NUMBER < 0x10100000L
831	LOG((CLOG_INFO "%s",SSLeay_version(SSLEAY_VERSION)));	853	LOG((CLOG_INFO "%s",SSLeay_version(SSLEAY_VERSION)));
832	LOG((CLOG_DEBUG1 "openSSL : %s",SSLeay_version(SSLEAY_CFLAGS)));	854	LOG((CLOG_DEBUG1 "openSSL : %s",SSLeay_version(SSLEAY_CFLAGS)));
833	LOG((CLOG_DEBUG1 "openSSL : %s",SSLeay_version(SSLEAY_BUILT_ON)));	855	LOG((CLOG_DEBUG1 "openSSL : %s",SSLeay_version(SSLEAY_BUILT_ON)));
834	LOG((CLOG_DEBUG1 "openSSL : %s",SSLeay_version(SSLEAY_PLATFORM)));	856	LOG((CLOG_DEBUG1 "openSSL : %s",SSLeay_version(SSLEAY_PLATFORM)));
835	LOG((CLOG_DEBUG1 "%s",SSLeay_version(SSLEAY_DIR)));	857	LOG((CLOG_DEBUG1 "%s",SSLeay_version(SSLEAY_DIR)));
		858	#else
		859	LOG((CLOG_INFO "%s",OpenSSL_version(OPENSSL_VERSION)));
		860	LOG((CLOG_DEBUG1 "openSSL : %s",OpenSSL_version(OPENSSL_CFLAGS)));
		861	LOG((CLOG_DEBUG1 "openSSL : %s",OpenSSL_version(OPENSSL_BUILT_ON)));
		862	LOG((CLOG_DEBUG1 "openSSL : %s",OpenSSL_version(OPENSSL_PLATFORM)));
		863	LOG((CLOG_DEBUG1 "%s",OpenSSL_version(OPENSSL_DIR)));
		864	#endif
836	return;	865	return;
837	}	866	}
838		867