use TLS_*_method() instead of deprecated SSLv23_*_method() if OpenSSL version is >= 1.1; initialize default/fallback client context to support all TLS protocols, not just TLSv1
@@ -368,10 +368,18 @@ void Context::createSSLContext()
|
||||
switch (_usage)
|
||||
{
|
||||
case CLIENT_USE:
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
||||
_pSSLContext = SSL_CTX_new(TLS_client_method());
|
||||
#else
|
||||
_pSSLContext = SSL_CTX_new(SSLv23_client_method());
|
||||
#endif
|
||||
break;
|
||||
case SERVER_USE:
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
||||
_pSSLContext = SSL_CTX_new(TLS_server_method());
|
||||
#else
|
||||
_pSSLContext = SSL_CTX_new(SSLv23_server_method());
|
||||
#endif
|
||||
break;
|
||||
#if defined(SSL_OP_NO_TLSv1) && !defined(OPENSSL_NO_TLS1)
|
||||
case TLSV1_CLIENT_USE:
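Review bot: The guard `OPENSSL_VERSION_NUMBER >= 0x10100000L` in both the CLIENT_USE and SERVER_USE cases is also true when building against LibreSSL, which reports a fixed, higher OPENSSL_VERSION_NUMBER, so the TLS_*_method() branch is selected there whatever the LibreSSL release. If LibreSSL builds are supported, confirm that the oldest supported release provides TLS_client_method() and TLS_server_method(), or narrow the test to `#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)`. A one-line comment above the first `#if`, such as `// TLS_*_method() negotiates the highest mutually supported version; restrict versions via disableProtocols()`, would also record that these methods set no protocol floor by themselves. The switch continues outside the hunk, so any handling after it is not visible here.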
|
||||
|
@@ -148,7 +148,8 @@ Context::Ptr SSLManager::defaultClientContext()
|
||||
catch (Poco::IllegalStateException&)
|
||||
{
|
||||
_ptrClientCertificateHandler = new RejectCertificateHandler(false);
|
||||
_ptrDefaultClientContext = new Context(Context::TLSV1_CLIENT_USE, "", Context::VERIFY_RELAXED, 9, true);
|
||||
_ptrDefaultClientContext = new Context(Context::CLIENT_USE, "", Context::VERIFY_RELAXED, 9, true);
|
||||
_ptrDefaultClientContext->disableProtocols(Context::PROTO_SSLV2 | Context::PROTO_SSLV3);
|
||||
}
|
||||
}
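Review bot: The new fallback call `disableProtocols(Context::PROTO_SSLV2 | Context::PROTO_SSLV3)` excludes only SSLv2 and SSLv3, so the default client context can still negotiate TLS 1.0 or TLS 1.1 with a server that offers nothing newer. If the Protocols enum at this revision has the corresponding flags, consider `_ptrDefaultClientContext->disableProtocols(Context::PROTO_SSLV2 | Context::PROTO_SSLV3 | Context::PROTO_TLSV1 | Context::PROTO_TLSV1_1);`, or add a comment stating that the older TLS versions are kept deliberately for compatibility. This branch runs when Poco::IllegalStateException is caught, so callers that configured nothing get these defaults without any indication. The function starts outside the hunk.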
|
||||
|
||||
|