	use TLS_*_method() instead of deprecated SSLv23_*_method() if OpenSSL version is >= 1.1; initialize default/fallback client context to support all TLS protocols, not just TLSv1
		| @@ -368,10 +368,18 @@ void Context::createSSLContext() | ||||
| 		switch (_usage) | ||||
| 		{ | ||||
| 		case CLIENT_USE: | ||||
| #if OPENSSL_VERSION_NUMBER >= 0x10100000L | ||||
| 			_pSSLContext = SSL_CTX_new(TLS_client_method()); | ||||
| #else | ||||
| 			_pSSLContext = SSL_CTX_new(SSLv23_client_method()); | ||||
| #endif | ||||
| 			break; | ||||
| 		case SERVER_USE: | ||||
| #if OPENSSL_VERSION_NUMBER >= 0x10100000L | ||||
| 			_pSSLContext = SSL_CTX_new(TLS_server_method()); | ||||
| #else | ||||
| 			_pSSLContext = SSL_CTX_new(SSLv23_server_method()); | ||||
| #endif | ||||
| 			break; | ||||
| #if defined(SSL_OP_NO_TLSv1) && !defined(OPENSSL_NO_TLS1) | ||||
| 		case TLSV1_CLIENT_USE: | ||||
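Review bot: With the version-flexible `TLS_client_method()` / `TLS_server_method()` (and the `SSLv23_*` fallbacks), the `CLIENT_USE` and `SERVER_USE` cases leave the lowest negotiable protocol to the linked OpenSSL build; nothing visible in this hunk sets a floor. The second hunk excludes SSLv2/SSLv3 only for the default client context in `SSLManager`, so contexts that applications construct directly with these usages presumably do not get that restriction. Consider setting the floor here, for example `SSL_CTX_set_min_proto_version(_pSSLContext, TLS1_VERSION);` in the `>= 0x10100000L` branch and `SSL_CTX_set_options(_pSSLContext, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);` in the `#else` branch, placed after the null check on `_pSSLContext`. The body of `createSSLContext()` continues outside the hunk, so an equivalent call may already exist further down.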
|   | ||||
| @@ -148,7 +148,8 @@ Context::Ptr SSLManager::defaultClientContext() | ||||
| 		catch (Poco::IllegalStateException&) | ||||
| 		{ | ||||
| 			_ptrClientCertificateHandler = new RejectCertificateHandler(false); | ||||
| 			_ptrDefaultClientContext = new Context(Context::TLSV1_CLIENT_USE, "", Context::VERIFY_RELAXED, 9, true); | ||||
| 			_ptrDefaultClientContext = new Context(Context::CLIENT_USE, "", Context::VERIFY_RELAXED, 9, true); | ||||
| 			_ptrDefaultClientContext->disableProtocols(Context::PROTO_SSLV2 | Context::PROTO_SSLV3); | ||||
| 		} | ||||
| 	} | ||||
| 		 | ||||
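Review bot: The new fallback disables only SSLv2 and SSLv3, so TLS 1.0 stays negotiable for every client that reaches this `catch` branch, and nothing records that the application ended up on built-in defaults rather than its own configuration. If that is intentional, say so in a comment above the constructor call, e.g. `// No client configuration available: fall back to a CLIENT_USE context with VERIFY_RELAXED that negotiates any TLS version; SSLv2 and SSLv3 stay disabled.` The literals `9, true` would also read better with their meaning spelled out; from the call alone they look like the verification depth and a load-default-CAs flag, which should be confirmed against the `Context` constructor declaration. The `try` block this handler belongs to starts outside the hunk.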
|   | ||||
	 Guenter Obiltschnig
					Guenter Obiltschnig