use TLS_*_method() instead of deprecated SSLv23_*_method() if OpenSSL version is >= 1.1; initialize default/fallback client context to support all TLS protocols, not just TLSv1

Guenter Obiltschnig 2016-03-12 12:18:18 +01:00
parent d49ea8a51b
commit 443e54fdde
2 changed files with 10 additions and 1 deletions


@ -368,10 +368,18 @@ void Context::createSSLContext()
switch (_usage)
{
case CLIENT_USE:
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
_pSSLContext = SSL_CTX_new(TLS_client_method());
#else
_pSSLContext = SSL_CTX_new(SSLv23_client_method());
#endif
break;
case SERVER_USE:
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
_pSSLContext = SSL_CTX_new(TLS_server_method());
#else
_pSSLContext = SSL_CTX_new(SSLv23_server_method());
#endif
break;
#if defined(SSL_OP_NO_TLSv1) && !defined(OPENSSL_NO_TLS1)
case TLSV1_CLIENT_USE:
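Review bot: Neither new `SSL_CTX_new(TLS_*_method())` call in the CLIENT_USE / SERVER_USE cases is followed by a protocol floor inside this hunk, so the negotiable versions are whatever the linked OpenSSL build enables unless every caller remembers `disableProtocols()`. If the rest of createSSLContext() (its body starts and ends outside the hunk) does not already do so, consider masking the legacy protocols once, after the context has been created and null-checked, e.g. `SSL_CTX_set_options(_pSSLContext, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);`. Also note that LibreSSL reports `OPENSSL_VERSION_NUMBER` as `0x20000000L`, so the `>= 0x10100000L` guard selects the TLS_*_method() branch there as well; it is worth confirming that this is intended.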


@ -148,7 +148,8 @@ Context::Ptr SSLManager::defaultClientContext()
catch (Poco::IllegalStateException&)
{
_ptrClientCertificateHandler = new RejectCertificateHandler(false);
_ptrDefaultClientContext = new Context(Context::TLSV1_CLIENT_USE, "", Context::VERIFY_RELAXED, 9, true);
_ptrDefaultClientContext = new Context(Context::CLIENT_USE, "", Context::VERIFY_RELAXED, 9, true);
_ptrDefaultClientContext->disableProtocols(Context::PROTO_SSLV2 | Context::PROTO_SSLV3);
}
}
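Review bot: The protocol restriction on the fallback context is a separate `disableProtocols()` call after construction, and nothing at the site says why. A later edit that drops or moves that line would leave SSLv2/SSLv3 negotiable for the default client wherever the library still supports them. A short comment above the two lines would record the intent, for example `// No client configuration found: fall back to any TLS version, but never SSLv2/SSLv3.` The unlabelled arguments `"", Context::VERIFY_RELAXED, 9, true` would also benefit from a word on what each one selects. defaultClientContext()'s body begins outside the hunk.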