[EGIT] [core/efl] master 01/01: efl net - adapt to openssl 1.1.0 changes with tls method support

Fri, 15 Sep 2017 02:06:10 -0700 

raster pushed a commit to branch master.

http://git.enlightenment.org/core/efl.git/commit/?id=f179d32157ca4bf006a287901834aa2d7c344dc5

commit f179d32157ca4bf006a287901834aa2d7c344dc5
Author: Carsten Haitzler (Rasterman) <[email protected]>
Date:   Fri Sep 15 14:14:03 2017 +0900

    efl net - adapt to openssl 1.1.0 changes with tls method support
    
    support the tls methods if on openssl 1.1.0 so we don't get
    "unsupported cipher" as it does support it just with a new api.
    
    @fix
---
 src/lib/ecore_con/efl_net_ssl_ctx-openssl.c | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/src/lib/ecore_con/efl_net_ssl_ctx-openssl.c 
b/src/lib/ecore_con/efl_net_ssl_ctx-openssl.c
index ce87b91bee..0fef44e3bf 100644
--- a/src/lib/ecore_con/efl_net_ssl_ctx-openssl.c
+++ b/src/lib/ecore_con/efl_net_ssl_ctx-openssl.c
@@ -269,7 +269,7 @@ efl_net_ssl_ctx_setup(Efl_Net_Ssl_Ctx *ctx, 
Efl_Net_Ssl_Ctx_Config cfg)
 #ifndef OPENSSL_NO_SSL3_METHOD
               ctx->ssl_ctx = SSL_CTX_new(SSLv3_client_method());
 #else
-              ERR("ssl_ctx=%p SSLv3 is disabled in your OpenSSL build", ctx);
+              ctx->ssl_ctx = SSL_CTX_new(SSLv23_client_method());
 #endif
               break;
 #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
@@ -282,6 +282,12 @@ efl_net_ssl_ctx_setup(Efl_Net_Ssl_Ctx *ctx, 
Efl_Net_Ssl_Ctx_Config cfg)
            case EFL_NET_SSL_CIPHER_TLSV1_2:
               ctx->ssl_ctx = SSL_CTX_new(TLSv1_2_client_method());
               break;
+#else
+           case EFL_NET_SSL_CIPHER_TLSV1:
+           case EFL_NET_SSL_CIPHER_TLSV1_1:
+           case EFL_NET_SSL_CIPHER_TLSV1_2:
+              ctx->ssl_ctx = SSL_CTX_new(TLS_client_method());
+              break;
 #endif
            default:
               ERR("ssl_ctx=%p unsupported cipher %d", ctx, cfg.cipher);
@@ -301,7 +307,7 @@ efl_net_ssl_ctx_setup(Efl_Net_Ssl_Ctx *ctx, 
Efl_Net_Ssl_Ctx_Config cfg)
 #ifndef OPENSSL_NO_SSL3_METHOD
               ctx->ssl_ctx = SSL_CTX_new(SSLv3_server_method());
 #else
-              ERR("ssl_ctx=%p SSLv3 is disabled in your OpenSSL build", ctx);
+              ctx->ssl_ctx = SSL_CTX_new(SSLv23_server_method());
 #endif
               break;
 #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
@@ -314,6 +320,12 @@ efl_net_ssl_ctx_setup(Efl_Net_Ssl_Ctx *ctx, 
Efl_Net_Ssl_Ctx_Config cfg)
            case EFL_NET_SSL_CIPHER_TLSV1_2:
               ctx->ssl_ctx = SSL_CTX_new(TLSv1_2_server_method());
               break;
+#else
+           case EFL_NET_SSL_CIPHER_TLSV1:
+           case EFL_NET_SSL_CIPHER_TLSV1_1:
+           case EFL_NET_SSL_CIPHER_TLSV1_2:
+              ctx->ssl_ctx = SSL_CTX_new(TLS_server_method());
+              break;
 #endif
            default:
               ERR("ssl_ctx=%p unsupported cipher %d", ctx, cfg.cipher);

--

Reply via email to