author | Sam Hartman <hartmans@debian.org> | 2017-08-12 10:12:03 -0400 |
---|---|---|
committer | Sam Hartman <hartmans@debian.org> | 2017-08-12 10:22:21 -0400 |
commit | 38b6e62c6c8eb8bb40ba018a7cc995319e8817c0 (patch) | |
tree | 78df681b9fa6dd0956e354b80dfde9cb0ab44891 | |
parent | e9b1c537ff00eaf45bfc06cadcc440ac323f255d (diff) |
Improve tlscommon.c for openssl 1.1
* Pass in tls_method so that all versions of TLS can be supported
* Disable sslv3; we should also disable TLS1 but that might be an
issue since previous versions only supported TLS1
* We need to look at the ASN1 deprecated warnings, but figuring out a
fix that works both for Centos and Debian is more time than I wanted
to spend. The deprecated warning seems OK there, so make it not an
error at least for now.
-rw-r--r-- | radsecproxy/Makefile.am | 1 | ||||
-rw-r--r-- | radsecproxy/tlscommon.c | 5 |
2 files changed, 4 insertions, 2 deletions
diff --git a/radsecproxy/Makefile.am b/radsecproxy/Makefile.am
index dc5ffc4..872416b 100644
--- a/radsecproxy/Makefile.am
+++ b/radsecproxy/Makefile.am
@@ -21,3 +21,4 @@ if RS_ENABLE_TLS
 libradsec_radsecproxy_la_SOURCES += \
 tlscommon.c tlscommon.h
 endif
+libradsec_radsecproxy_la_CFLAGS = -Wno-error=deprecated
diff --git a/radsecproxy/tlscommon.c b/radsecproxy/tlscommon.c
index a31fa32..5a5660b 100644
--- a/radsecproxy/tlscommon.c
+++ b/radsecproxy/tlscommon.c
@@ -202,12 +202,12 @@ static SSL_CTX *tlscreatectx(uint8_t type, struct tls *conf) {
 switch (type) {
 #ifdef RADPROT_TLS
 case RAD_TLS:
- ctx = SSL_CTX_new(TLSv1_method());
+ ctx = SSL_CTX_new(TLS_method());
 break;
 #endif
 #ifdef RADPROT_DTLS
 case RAD_DTLS:
- ctx = SSL_CTX_new(DTLSv1_method());
+ ctx = SSL_CTX_new(DTLS_method());
 SSL_CTX_set_read_ahead(ctx, 1);
 break;
 #endif
@@ -218,6 +218,7 @@ static SSL_CTX *tlscreatectx(uint8_t type, struct tls *conf) {
 debug(DBG_ERR, "SSL: %s", ERR_error_string(error, NULL));
 return NULL;
 }
+ SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1|SSL_OP_NO_SSLv3);
 #ifdef DEBUG
 SSL_CTX_set_info_callback(ctx, ssl_info_callback);
 #endif
|
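Review bot: The added `libradsec_radsecproxy_la_CFLAGS` line defines a per-target flags variable, and automake stops adding `AM_CFLAGS` to a target once its own `_CFLAGS` exists, so any warning or hardening flags set through `AM_CFLAGS` elsewhere in this Makefile.am (not visible in the hunk) would silently stop applying to this library. If that is not intended, write `libradsec_radsecproxy_la_CFLAGS = $(AM_CFLAGS) -Wno-error=deprecated`. The line also sits after `endif`, so it applies whether or not `RS_ENABLE_TLS` is set. It is worth confirming the warning name on both target compilers, since attribute-based deprecation warnings are named `-Wdeprecated-declarations`, and adding a comment such as `# OpenSSL 1.1 ASN1 deprecation warnings in tlscommon.c; remove once the code is ported` so the relaxation is not forgotten.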
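Review bot: `TLS_method()` in the `RAD_TLS` case is declared only by OpenSSL 1.1.0 and later, so this hunk no longer builds against 1.0.x libraries, which matters if the CentOS target mentioned in the description still ships one. A guard such as `#if OPENSSL_VERSION_NUMBER < 0x10100000L` selecting `SSLv23_method()` would keep both buildable, and on that path `SSL_OP_NO_SSLv2` should be added to the options set later in the function. Separately, in the `RAD_DTLS` case `SSL_CTX_set_read_ahead(ctx, 1)` runs before any NULL check on `ctx`; the check appears to follow the switch, outside this hunk, so the call relies on the library tolerating a NULL context and would be safer as `if (ctx) SSL_CTX_set_read_ahead(ctx, 1);`.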
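Review bot: The added `SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1|SSL_OP_NO_SSLv3)` disables TLS 1.0, while the commit description says TLS 1.0 is being left enabled for peers that only speak it, so either the code or the description is wrong. The call follows the switch and therefore applies to the DTLS context too; in the OpenSSL 1.1 headers `SSL_OP_NO_DTLSv1` has the same bit value as `SSL_OP_NO_TLSv1`, so DTLS 1.0 is switched off as well and peers built from the previous `TLSv1_method()`/`DTLSv1_method()` code would presumably fail to handshake. If the stricter floor is intended, state it next to the call, e.g. `/* TLS 1.0 and DTLS 1.0 deliberately refused; older radsecproxy peers cannot connect */`, and consider `SSL_CTX_set_min_proto_version()` when building against 1.1.0 rather than option bits. The rest of `tlscreatectx` lies outside this hunk.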