modernize ssl context init

with openssl 1.1+, use TLS_client_method() instead of the deprecated
SSLv23_client_method().
This commit is contained in:
Oswald Buddenhagen 2019-07-28 12:02:30 +02:00
parent f63e4338e8
commit 91abf2b830

View File

@ -210,7 +210,12 @@ init_ssl_ctx( const server_conf_t *conf )
if (conf->SSLContext) if (conf->SSLContext)
return conf->ssl_ctx_valid; return conf->ssl_ctx_valid;
mconf->SSLContext = SSL_CTX_new( SSLv23_client_method() ); #if OPENSSL_VERSION_NUMBER >= 0x10100000L
const SSL_METHOD *method = TLS_client_method();
#else
const SSL_METHOD *method = SSLv23_client_method();
#endif
mconf->SSLContext = SSL_CTX_new( method );
if (!(conf->ssl_versions & SSLv3)) if (!(conf->ssl_versions & SSLv3))
options |= SSL_OP_NO_SSLv3; options |= SSL_OP_NO_SSLv3;