diff options
| author | Tim Rühsen <tim.ruehsen@gmx.de> | 2017-11-26 18:59:47 +0100 |
|---|---|---|
| committer | Tim Rühsen <tim.ruehsen@gmx.de> | 2017-11-26 18:59:47 +0100 |
| commit | 6aa6b669efbef62f60471c18e7fdef0206f92337 (patch) | |
| tree | 5f86f3ce5deccff4b480f5757bd4f36913711c9b | |
| parent | 8551ceccfedb4390fbfa82c12f0ff714dab1ac76 (diff) | |
| download | wget-openssl-1.1.tar.gz | |
Support building with OpenSSL 1.1 w/o deprecated featuresopenssl-1.1
* src/openssl.c (ssl_init): Fix code for the subject's issue
Reported-by: Matthew Thode
| -rw-r--r-- | src/openssl.c | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/src/openssl.c b/src/openssl.c index 0404d2d0..6f4dc1f1 100644 --- a/src/openssl.c +++ b/src/openssl.c @@ -174,11 +174,16 @@ ssl_init (void) { SSL_METHOD const *meth; long ssl_options = 0; +#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L) + int ssl_proto_version = 0; +#endif #if OPENSSL_VERSION_NUMBER >= 0x00907000 if (ssl_true_initialized == 0) { +#if OPENSSL_API_COMPAT < 0x10100000L OPENSSL_config (NULL); +#endif ssl_true_initialized = 1; } #endif @@ -202,8 +207,12 @@ ssl_init (void) CONF_modules_load_file(NULL, NULL, CONF_MFLAGS_DEFAULT_SECTION|CONF_MFLAGS_IGNORE_MISSING_FILE); #endif +#if OPENSSL_API_COMPAT >= 0x10100000L + OPENSSL_init_ssl(0, NULL); +#else SSL_library_init (); SSL_load_error_strings (); +#endif #if OPENSSL_VERSION_NUMBER < 0x10100000L SSLeay_add_all_algorithms (); SSLeay_add_ssl_algorithms (); @@ -229,16 +238,31 @@ ssl_init (void) ssl_options |= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3; break; case secure_protocol_tlsv1: +#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L) + meth = TLS_client_method(); + ssl_proto_version = TLS1_VERSION; +#else meth = TLSv1_client_method (); +#endif break; #if OPENSSL_VERSION_NUMBER >= 0x10001000 case secure_protocol_tlsv1_1: +#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L) + meth = TLS_client_method(); + ssl_proto_version = TLS1_1_VERSION; +#else meth = TLSv1_1_client_method (); +#endif break; case secure_protocol_tlsv1_2: +#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L) + meth = TLS_client_method(); + ssl_proto_version = TLS1_2_VERSION; +#else meth = TLSv1_2_client_method (); +#endif break; #else case secure_protocol_tlsv1_1: @@ -265,6 +289,11 @@ ssl_init (void) if (ssl_options) SSL_CTX_set_options (ssl_ctx, ssl_options); +#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L) + if (ssl_proto_version) + SSL_CTX_set_min_proto_version(ssl_ctx, ssl_proto_version); +#endif + /* OpenSSL ciphers: https://www.openssl.org/docs/apps/ciphers.html * Since we want a good protection, we also use HIGH (that excludes MD4 ciphers and some more) */ |