diff options
| author | Kazuki Yamaguchi <k@rhe.jp> | 2016-04-09 01:22:15 +0900 |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2016-04-08 11:46:33 -0700 |
| commit | b51c0d4b4c70b3d2ddac1657b98b17e77af1c404 (patch) | |
| tree | 99aa216796500c95536db225a95d119aa6b38a95 /imap-send.c | |
| parent | 6738a33b3102222b25f7a1596aa1ed39c478a268 (diff) | |
| download | git-b51c0d4b4c70b3d2ddac1657b98b17e77af1c404.tar.gz | |
imap-send: avoid deprecated TLSv1_method()
Use SSLv23_method always and disable SSL if needed.
TLSv1_method() function is deprecated in OpenSSL 1.1.0 and the compiler
emits a warning.
SSLv23_method() is also deprecated, but the alternative, TLS_method(),
is new in OpenSSL 1.1.0 so requires checking by configure. Stick to
SSLv23_method() for now (this is aliased to TLS_method()).
Signed-off-by: Kazuki Yamaguchi <k@rhe.jp>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'imap-send.c')
| -rw-r--r-- | imap-send.c | 9 |
1 files changed, 4 insertions, 5 deletions
diff --git a/imap-send.c b/imap-send.c index e964e2a7fc..78b6ff6494 100644 --- a/imap-send.c +++ b/imap-send.c @@ -287,11 +287,7 @@ static int ssl_socket_connect(struct imap_socket *sock, int use_tls_only, int ve SSL_library_init(); SSL_load_error_strings(); - if (use_tls_only) - meth = TLSv1_method(); - else - meth = SSLv23_method(); - + meth = SSLv23_method(); if (!meth) { ssl_socket_perror("SSLv23_method"); return -1; @@ -303,6 +299,9 @@ static int ssl_socket_connect(struct imap_socket *sock, int use_tls_only, int ve return -1; } + if (use_tls_only) + SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3); + if (verify) SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL); |