[openssl-dev] On SSLv23_method() drop and TLS_method() introduction

Kurt Roeckx kurt at roeckx.be
Tue May 19 16:40:38 UTC 2015


On Tue, May 19, 2015 at 05:03:12PM +0100, Matt Caswell wrote:
> >
> > No. The change is not a property of the version number.
> > I have OpenSSL 0.9.7 (plus patches...) without SSLv{2,3}.
> >
> > Index: HTTP.c
> > ===================================================================
> > RCS file: /cvs/src/gnu/usr.bin/lynx/WWW/Library/Implementation/HTTP.c,v
> > retrieving revision 1.26
> > retrieving revision 1.27
> > diff -u -p -r1.26 -r1.27
> > --- HTTP.c      13 Mar 2014 04:46:43 -0000      1.26
> > +++ HTTP.c      4 Jan 2015 22:24:27 -0000       1.27
> > @@ -124,7 +124,11 @@ SSL *HTGetSSLHandle(void)
> >         ssl_opts &= ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
> >  #endif
> >         SSLeay_add_ssl_algorithms();
> > +#if defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3)
> > +       ssl_ctx = SSL_CTX_new(TLSv1_client_method());
> > +#else
> >         ssl_ctx = SSL_CTX_new(SSLv23_client_method());
> > +#endif
> >         SSL_CTX_set_options(ssl_ctx, ssl_opts);
> >         SSL_CTX_set_default_verify_paths(ssl_ctx);
> >         SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, HTSSLCallback);
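Review bot: the `#if defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3)` branch in this hunk replaces the version-flexible `SSLv23_client_method()` with `TLSv1_client_method()`, a fixed-version method that negotiates TLS 1.0 only, so a build without SSLv2/SSLv3 would lose TLS 1.1 and TLS 1.2 while the `#else` branch keeps the full version range; that asymmetry is the reason for the "This is not correct" reply below. Since the follow-up says `SSLv23_client_method()` should stay available regardless of which protocols are compiled in, the line `ssl_ctx = SSL_CTX_new(SSLv23_client_method());` should remain unconditional, with the old protocols excluded at runtime by adding `SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3` to `ssl_opts`, which this function already passes to `SSL_CTX_set_options(ssl_ctx, ssl_opts);`.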
> >
> > This should do the trick.
> 
> This is not correct.

And because of this confusion I want to remove things like
TLSv1_client_method().

I think that we should just provide the SSLv23_client_method define
without the need to enable something, and I guess I missed
something during the review in that case.


Kurt