[glib-networking/wip/openssl: 18/27] Try to support the openssl version in rhel 6
- From: Ignacio Casal Quinteiro <icq src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [glib-networking/wip/openssl: 18/27] Try to support the openssl version in rhel 6
- Date: Fri, 6 Nov 2015 10:33:07 +0000 (UTC)
commit 0151677505a56274500a3128116f6c75b8a6f06e
Author: Ignacio Casal Quinteiro <icq gnome org>
Date: Wed Sep 23 16:51:40 2015 +0200
Try to support the openssl version in rhel 6
tls/openssl/gtlsclientconnection-openssl.c | 15 +++++++++++----
tls/openssl/gtlsserverconnection-openssl.c | 15 +++++++++++----
2 files changed, 22 insertions(+), 8 deletions(-)
---
diff --git a/tls/openssl/gtlsclientconnection-openssl.c b/tls/openssl/gtlsclientconnection-openssl.c
index c50355d..0a43618 100644
--- a/tls/openssl/gtlsclientconnection-openssl.c
+++ b/tls/openssl/gtlsclientconnection-openssl.c
@@ -401,6 +401,7 @@ g_tls_client_connection_openssl_initable_init (GInitable *initable,
{
GTlsClientConnectionOpenssl *client = G_TLS_CLIENT_CONNECTION_OPENSSL (initable);
GTlsClientConnectionOpensslPrivate *priv;
+ long options;
priv = g_tls_client_connection_openssl_get_instance_private (client);
@@ -415,11 +416,17 @@ g_tls_client_connection_openssl_initable_init (GInitable *initable,
return FALSE;
}
+ options = SSL_OP_NO_TICKET |
+ SSL_OP_NO_SSLv2 |
+ SSL_OP_NO_SSLv3 |
+ SSL_OP_NO_TLSv1;
+
+#if OPENSSL_VERSION_NUMBER >= 0x10001000L
+ options |= SSL_OP_NO_TLSv1_1;
+#endif
+
/* Only TLS 1.2 or higher */
- SSL_CTX_set_options (priv->ssl_ctx,
- SSL_OP_NO_TICKET |
- SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 |
- SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1);
+ SSL_CTX_set_options (priv->ssl_ctx, options);
#if OPENSSL_VERSION_NUMBER >= 0x10200000L
{
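Review bot: On a build where `OPENSSL_VERSION_NUMBER` is below 0x10001000L the mask still sets `SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1`, and a library that old has no TLS 1.1 or 1.2 to offer, so the context is probably left with no usable protocol and every handshake fails. This is inferred, because the method passed to `SSL_CTX_new` is outside the hunk. Failing closed preserves the "Only TLS 1.2 or higher" policy, but the condition is better reported at init through the initable's GError than as an opaque handshake error, and the comment should state what floor applies on old libraries. Guarding on the macro itself, `#ifdef SSL_OP_NO_TLSv1_1`, would also be more robust than the version number against distribution backports. The same applies to the matching hunk in gtlsserverconnection-openssl.c; the function body continues outside the hunk.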
diff --git a/tls/openssl/gtlsserverconnection-openssl.c b/tls/openssl/gtlsserverconnection-openssl.c
index 9c7c1f8..ed8d5ff 100644
--- a/tls/openssl/gtlsserverconnection-openssl.c
+++ b/tls/openssl/gtlsserverconnection-openssl.c
@@ -224,6 +224,7 @@ g_tls_server_connection_openssl_initable_init (GInitable *initable,
GTlsServerConnectionOpenssl *server = G_TLS_SERVER_CONNECTION_OPENSSL (initable);
GTlsServerConnectionOpensslPrivate *priv;
GTlsCertificate *cert;
+ long options;
priv = g_tls_server_connection_openssl_get_instance_private (server);
@@ -238,11 +239,17 @@ g_tls_server_connection_openssl_initable_init (GInitable *initable,
return FALSE;
}
+ options = SSL_OP_NO_TICKET |
+ SSL_OP_NO_SSLv2 |
+ SSL_OP_NO_SSLv3 |
+ SSL_OP_NO_TLSv1;
+
+#if OPENSSL_VERSION_NUMBER >= 0x10001000L
+ options |= SSL_OP_NO_TLSv1_1;
+#endif
+
/* Only TLS 1.2 or higher */
- SSL_CTX_set_options (priv->ssl_ctx,
- SSL_OP_NO_TICKET |
- SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 |
- SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1);
+ SSL_CTX_set_options (priv->ssl_ctx, options);
cert = g_tls_connection_get_certificate (G_TLS_CONNECTION (initable));
if (cert != NULL)
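Review bot: The protocol mask is built here by the same lines as in g_tls_client_connection_openssl_initable_init, so the minimum-version policy now lives in two places and can drift when only one side is edited. A small shared helper that returns the mask would keep client and server in agreement and give the version guard a single home. `long options;` matches the older `SSL_CTX_set_options` interface, while later OpenSSL releases take an unsigned type, so a short comment such as `/* long: matches SSL_CTX_set_options() on OpenSSL 1.0.x */` would explain the choice. The function continues outside the hunk.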