[glib-openssl] client: do not allow legacy server connections



commit 6ac32d239ee8193275e2c6a763527a29d6e3e2d6
Author: Ignacio Casal Quinteiro <qignacio amazon com>
Date:   Wed Oct 18 17:36:51 2017 +0200

    client: do not allow legacy server connections

 tls/openssl/gtlsclientconnection-openssl.c |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)
---
diff --git a/tls/openssl/gtlsclientconnection-openssl.c b/tls/openssl/gtlsclientconnection-openssl.c
index 4a1bb39..9a60400 100644
--- a/tls/openssl/gtlsclientconnection-openssl.c
+++ b/tls/openssl/gtlsclientconnection-openssl.c
@@ -445,6 +445,8 @@ g_tls_client_connection_openssl_initable_init (GInitable       *initable,
             SSL_OP_NO_TLSv1_1;
   SSL_CTX_set_options (priv->ssl_ctx, options);
 
+  SSL_CTX_clear_options (priv->ssl_ctx, SSL_OP_LEGACY_SERVER_CONNECT);
+
   hostname = get_server_identity (client);
 
 #if OPENSSL_VERSION_NUMBER >= 0x10200000L && !defined (LIBRESSL_VERSION_NUMBER)
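Review bot: The added `SSL_CTX_clear_options (priv->ssl_ctx, SSL_OP_LEGACY_SERVER_CONNECT);` line has no comment, and the commit message does not say what a "legacy server" is or what callers will now observe. With this flag cleared, OpenSSL aborts the client handshake against servers that do not support RFC 5746 secure renegotiation, so existing users of this backend may see new handshake failures with no hint of the cause. I would put `/* Refuse servers without RFC 5746 secure renegotiation: fail the handshake instead of connecting unprotected. */` directly above the call. As far as I know OpenSSL releases of this period enabled the flag by default for clients, which is why an explicit clear is needed rather than leaving it out of `options`; that is worth confirming and stating in the comment too. The enclosing `g_tls_client_connection_openssl_initable_init` begins and ends outside this hunk, so how the resulting handshake error is reported to the caller is not visible here.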

