Diffstat (limited to 'lib')
-rw-r--r-- | lib/common/BoxPortsAndFiles.h.in | 4 | ||||
-rw-r--r-- | lib/common/Test.h | 2 | ||||
-rw-r--r-- | lib/server/TLSContext.cpp | 9 |
3 files changed, 15 insertions, 0 deletions
diff --git a/lib/common/BoxPortsAndFiles.h.in b/lib/common/BoxPortsAndFiles.h.in index 047a828f..8978cd4c 100644 --- a/lib/common/BoxPortsAndFiles.h.in +++ b/lib/common/BoxPortsAndFiles.h.in @@ -20,6 +20,10 @@ // directory within the RAIDFILE root for the backup store daemon #define BOX_RAIDFILE_ROOT_BBSTORED "backup" +// default security level if SSLSecurityLevel is not specified: see +// https://github.com/boxbackup/boxbackup/wiki/WeakSSLCertificates +const int BOX_DEFAULT_SSL_SECURITY_LEVEL = 1; + // configuration file paths #ifdef WIN32 // no default config file path, use these macros to call diff --git a/lib/common/Test.h b/lib/common/Test.h index 4b5cef61..32f8220d 100644 --- a/lib/common/Test.h +++ b/lib/common/Test.h @@ -23,6 +23,7 @@ #define BBACKUPQUERY "..\\..\\bin\\bbackupquery\\bbackupquery.exe" #define BBSTOREACCOUNTS "..\\..\\bin\\bbstoreaccounts\\bbstoreaccounts.exe" #define TEST_RETURN(actual, expected) TEST_EQUAL(expected, actual); +#define TEST_RETURN_COMMAND(actual, expected, command) TEST_EQUAL_LINE(expected, actual, command); #else #define BBACKUPCTL "../../bin/bbackupctl/bbackupctl" #define BBACKUPD "../../bin/bbackupd/bbackupd" @@ -30,6 +31,7 @@ #define BBACKUPQUERY "../../bin/bbackupquery/bbackupquery" #define BBSTOREACCOUNTS "../../bin/bbstoreaccounts/bbstoreaccounts" #define TEST_RETURN(actual, expected) TEST_EQUAL((expected << 8), actual); +#define TEST_RETURN_COMMAND(actual, expected, command) TEST_EQUAL_LINE((expected << 8), actual, command); #endif extern int num_failures; diff --git a/lib/server/TLSContext.cpp b/lib/server/TLSContext.cpp index 1a6d4a53..d3f41f45 100644 --- a/lib/server/TLSContext.cpp +++ b/lib/server/TLSContext.cpp @@ -14,6 +14,7 @@ #include "autogen_ConnectionException.h" #include "autogen_ServerException.h" +#include "BoxPortsAndFiles.h" #include "CryptoUtils.h" #include "SSLLib.h" #include "TLSContext.h" 
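Review bot: The comment above `BOX_DEFAULT_SSL_SECURITY_LEVEL` says the value applies "if SSLSecurityLevel is not specified", but no code visible in this commit reads such an option, and the only use shown (in lib/server/TLSContext.cpp) applies the constant unconditionally. The comment should describe what the value does today and why it is low, for example `// OpenSSL security level forced on every TLS context; 1 is kept so that old, weak certificates still work and may be lower than the system default: see` followed by the existing wiki link. If the option is parsed elsewhere, the comment should name where.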
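Review bot: Both new `TEST_RETURN_COMMAND` definitions in lib/common/Test.h (this hunk and the `@@ -30,6 +31,7 @@` one) end in a semicolon, so every call site gets an extra empty statement and the macro cannot be the body of an unbraced `if` that has an `else`. In the non-Windows variant `expected` is also expanded unparenthesised inside `(expected << 8)`, so an argument containing an operator of lower precedence than `<<` (for example `a | b`) would have only part of it shifted; `TEST_EQUAL_LINE(((expected) << 8), actual, command)` avoids that. The existing `TEST_RETURN` macros have the same shape, so fixing all four together would keep them consistent.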
@@ -84,6 +85,14 @@ void TLSContext::Initialise(bool AsServer, const char *CertificatesFile, const c THROW_EXCEPTION(ServerException, TLSAllocationFailed) } +#ifdef HAVE_SSL_CTX_SET_SECURITY_LEVEL + BOX_WARNING("This version of Box Backup overrides the system-wide SSLSecurityLevel for " + "backwards compatibility. Please upgrade as soon as possible. See " + "https://github.com/boxbackup/boxbackup/wiki/WeakSSLCertificates#workaround-2 " + "for details"); + SSL_CTX_set_security_level(mpContext, BOX_DEFAULT_SSL_SECURITY_LEVEL); +#endif + // Setup our identity if(::SSL_CTX_use_certificate_chain_file(mpContext, CertificatesFile) != 1) { |
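Review bot: The added `SSL_CTX_set_security_level(mpContext, BOX_DEFAULT_SSL_SECURITY_LEVEL)` runs on every context, client and server alike, with no opt-out visible in this hunk. On a host whose OpenSSL default is stricter, it lowers the minimum accepted key sizes and signature strength below what the administrator configured, and the warning is logged even when nothing was actually lowered. Reading the current value first would make the downgrade explicit and auditable: `const int systemLevel = SSL_CTX_get_security_level(mpContext);`, then warn and set only `if(systemLevel > BOX_DEFAULT_SSL_SECURITY_LEVEL)`, with both numbers in the log message. This also stops a system level of 0 from being raised without notice, which should be confirmed as the intended behaviour. `Initialise` starts and ends outside the hunk, so a later override from configuration cannot be ruled out from here.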