mirror of https://github.com/SoftEtherVPN/SoftEtherVPN.git synced 2024-11-22 17:39:53 +03:00

Refact: manage SSL_OP_NO_SSLv3 in NewSSLCtx

Takuho NAKANO 2020-05-05 19:05:30 +09:00 committed by Davide Beatrici
parent d0b3cde485
commit 5ca62bdd8a


@ -5737,10 +5737,6 @@ SSL_PIPE *NewSslPipeEx(bool server_mode, X *x, K *k, DH_CTX *dh, bool verify_pee
{ {
if (server_mode) if (server_mode)
{ {
#ifdef SSL_OP_NO_SSLv3
SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv3);
#endif // SSL_OP_NO_SSLv3
#ifdef SSL_OP_NO_TLSv1_3 #ifdef SSL_OP_NO_TLSv1_3
SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1_3); // For some reason pppd under linux doesn't like it SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1_3); // For some reason pppd under linux doesn't like it
#endif #endif
@ -12114,10 +12110,6 @@ bool StartSSLEx(SOCK *sock, X *x, K *priv, UINT ssl_timeout, char *sni_hostname)
{ {
if (sock->ServerMode) if (sock->ServerMode)
{ {
#ifdef SSL_OP_NO_SSLv3
SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv3);
#endif // SSL_OP_NO_SSLv3
#ifdef SSL_OP_NO_TLSv1 #ifdef SSL_OP_NO_TLSv1
if (sock->SslAcceptSettings.Tls_Disable1_0) if (sock->SslAcceptSettings.Tls_Disable1_0)
{ {
@ -12150,12 +12142,6 @@ bool StartSSLEx(SOCK *sock, X *x, K *priv, UINT ssl_timeout, char *sni_hostname)
AddChainSslCertOnDirectory(ssl_ctx); AddChainSslCertOnDirectory(ssl_ctx);
Lock(openssl_lock); Lock(openssl_lock);
} }
else
{
#ifdef SSL_OP_NO_SSLv3
SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv3);
#endif // SSL_OP_NO_SSLv3
}
sock->ssl = SSL_new(ssl_ctx); sock->ssl = SSL_new(ssl_ctx);
SSL_set_fd(sock->ssl, (int)sock->socket); SSL_set_fd(sock->ssl, (int)sock->socket);
@ -16835,6 +16821,10 @@ struct ssl_ctx_st *NewSSLCtx(bool server_mode)
SSL_CTX_set_ssl_version(ctx, SSLv23_client_method()); SSL_CTX_set_ssl_version(ctx, SSLv23_client_method());
} }
#ifdef SSL_OP_NO_SSLv3
SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3);
#endif // SSL_OP_NO_SSLv3
return ctx; return ctx;
} }
@ -16965,10 +16955,6 @@ TOKEN_LIST *GetCipherList()
return ciphers; return ciphers;
} }
#ifdef SSL_OP_NO_SSLv3
SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3);
#endif
ssl = SSL_new(ctx); ssl = SSL_new(ctx);
if (ssl == NULL) if (ssl == NULL)
{ {
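Review bot: With the per-call-site `SSL_OP_NO_SSLv3` settings removed from NewSslPipeEx, StartSSLEx and GetCipherList, the SSLv3 ban now rests entirely on the block added before `return ctx;` in NewSSLCtx, and nothing there records that callers depend on it. The visible lines do not show where `ssl_ctx` and `ctx` are created in those three functions, so it is worth confirming that each one comes from NewSSLCtx; a context built any other way would silently accept SSLv3 again. I would add a comment above the new `#ifdef`, for example `// SSLv3 is disabled here for every context (client and server); create SSL_CTX objects only through NewSSLCtx`. Because the guard compiles to nothing when the macro is absent, consider also setting an explicit floor with `SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION);` where the linked OpenSSL provides it. NewSSLCtx begins outside the hunk, so whether `ctx` is NULL-checked before these calls cannot be seen here.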