OpenSSL: Disable TLSv1.0

Also some misc other cleanups/additions to bring it in line with the
release/3.5 backend
Aaron Jones 2016-12-30 17:44:03 +00:00
parent 5bcd4c7c60
commit 35cd299395
No known key found for this signature in database
GPG key ID: EC6F86EE9CD840B5


@ -290,7 +290,10 @@ make_certfp(X509 *const cert, uint8_t certfp[const RB_SSL_CERTFP_LEN], const int
}
if(ASN1_item_digest(item, md_type, data, certfp, &hashlen) != 1)
{
rb_lib_log("%s: ASN1_item_digest: %s", __func__, rb_ssl_strerror(rb_ssl_last_err()));
return 0;
}
return (int) hashlen;
}
@ -428,6 +431,10 @@ rb_setup_ssl_server(const char *const certfile, const char *keyfile,
(void) SSL_CTX_set_options(ssl_ctx_new, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
#endif
#ifdef SSL_OP_NO_TLSv1
(void) SSL_CTX_set_options(ssl_ctx_new, SSL_OP_NO_TLSv1);
#endif
#ifdef SSL_OP_NO_TICKET
(void) SSL_CTX_set_options(ssl_ctx_new, SSL_OP_NO_TICKET);
#endif
@ -517,7 +524,7 @@ rb_get_ssl_strerror(rb_fde_t *const F)
int
rb_get_ssl_certfp(rb_fde_t *const F, uint8_t certfp[const RB_SSL_CERTFP_LEN], const int method)
{
if(F->ssl == NULL)
if(F == NULL || F->ssl == NULL)
return 0;
X509 *const peer_cert = SSL_get_peer_certificate(SSL_P(F));
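Review bot: In the rb_setup_ssl_server hunk, TLSv1.0 is turned off only inside `#ifdef SSL_OP_NO_TLSv1`, so a build against a library that does not define that macro would keep TLSv1.0 enabled without any warning. An `#else` branch that stops the build with `#error` or reports through rb_lib_log would make that case visible. Where the library provides it (OpenSSL 1.1.0 and later), `SSL_CTX_set_min_proto_version(ssl_ctx_new, TLS1_1_VERSION)` states the protocol floor directly, and its result can be checked, unlike the discarded `(void) SSL_CTX_set_options(...)` value. The function body starts and ends outside the hunk, so a version floor set elsewhere in rb_setup_ssl_server cannot be ruled out from here.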