summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLibravatar Kazuki Yamaguchi <k@rhe.jp>2016-04-09 01:22:15 +0900
committerLibravatar Junio C Hamano <gitster@pobox.com>2016-04-08 11:46:33 -0700
commitb51c0d4b4c70b3d2ddac1657b98b17e77af1c404 (patch)
tree99aa216796500c95536db225a95d119aa6b38a95
parentimap-send: check NULL return of SSL_CTX_new() (diff)
downloadtgif-b51c0d4b4c70b3d2ddac1657b98b17e77af1c404.tar.xz
imap-send: avoid deprecated TLSv1_method()
Use SSLv23_method always and disable SSL if needed. TLSv1_method() function is deprecated in OpenSSL 1.1.0 and the compiler emits a warning. SSLv23_method() is also deprecated, but the alternative, TLS_method(), is new in OpenSSL 1.1.0 so requires checking by configure. Stick to SSLv23_method() for now (this is aliased to TLS_method()). Signed-off-by: Kazuki Yamaguchi <k@rhe.jp> Signed-off-by: Junio C Hamano <gitster@pobox.com>
-rw-r--r--imap-send.c9
1 files changed, 4 insertions, 5 deletions
diff --git a/imap-send.c b/imap-send.c
index e964e2a7fc..78b6ff6494 100644
--- a/imap-send.c
+++ b/imap-send.c
@@ -287,11 +287,7 @@ static int ssl_socket_connect(struct imap_socket *sock, int use_tls_only, int ve
SSL_library_init();
SSL_load_error_strings();
- if (use_tls_only)
- meth = TLSv1_method();
- else
- meth = SSLv23_method();
-
+ meth = SSLv23_method();
if (!meth) {
ssl_socket_perror("SSLv23_method");
return -1;
@@ -303,6 +299,9 @@ static int ssl_socket_connect(struct imap_socket *sock, int use_tls_only, int ve
return -1;
}
+ if (use_tls_only)
+ SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
+
if (verify)
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);