github-repos/wget
1
0
Fork 0
mirror of https://github.com/mirror/wget.git synced 2025-03-25 01:00:13 +08:00
Code Issues Packages Projects Releases Wiki Activity

Support building with OpenSSL 1.1 w/o deprecated features

Browse Source 
* src/openssl.c (ssl_init): Fix code for the subject's issue

Reported-by: Matthew Thode
This commit is contained in:
Tim Rühsen 2017-11-26 18:59:47 +01:00
parent 8551ceccfe
commit 6aa6b669ef
1 changed files with 29 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
src/openssl.c
View File

@ -174,11 +174,16 @@ ssl_init (void)
{
SSL_METHOD const *meth;
long ssl_options = 0;
#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L)
int ssl_proto_version = 0;
#endif
#if OPENSSL_VERSION_NUMBER >= 0x00907000
if (ssl_true_initialized == 0)
{
#if OPENSSL_API_COMPAT < 0x10100000L
OPENSSL_config (NULL);
#endif
ssl_true_initialized = 1;
}
#endif
@ -202,8 +207,12 @@ ssl_init (void)
CONF_modules_load_file(NULL, NULL,
CONF_MFLAGS_DEFAULT_SECTION|CONF_MFLAGS_IGNORE_MISSING_FILE);
#endif
#if OPENSSL_API_COMPAT >= 0x10100000L
OPENSSL_init_ssl(0, NULL);
#else
SSL_library_init ();
SSL_load_error_strings ();
#endif
#if OPENSSL_VERSION_NUMBER < 0x10100000L
SSLeay_add_all_algorithms ();
SSLeay_add_ssl_algorithms ();
@ -229,16 +238,31 @@ ssl_init (void)
ssl_options |= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
break;
case secure_protocol_tlsv1:
#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L)
meth = TLS_client_method();
ssl_proto_version = TLS1_VERSION;
#else
meth = TLSv1_client_method ();
#endif
break;
#if OPENSSL_VERSION_NUMBER >= 0x10001000
case secure_protocol_tlsv1_1:
#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L)
meth = TLS_client_method();
ssl_proto_version = TLS1_1_VERSION;
#else
meth = TLSv1_1_client_method ();
#endif
break;
case secure_protocol_tlsv1_2:
#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L)
meth = TLS_client_method();
ssl_proto_version = TLS1_2_VERSION;
#else
meth = TLSv1_2_client_method ();
#endif
break;
#else
case secure_protocol_tlsv1_1:
@ -265,6 +289,11 @@ ssl_init (void)
if (ssl_options)
SSL_CTX_set_options (ssl_ctx, ssl_options);
#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L)
if (ssl_proto_version)
SSL_CTX_set_min_proto_version(ssl_ctx, ssl_proto_version);
#endif
/* OpenSSL ciphers: https://www.openssl.org/docs/apps/ciphers.html
* Since we want a good protection, we also use HIGH (that excludes MD4 ciphers and some more)
*/