tls: deprecate old version specific tls methods (#378)
only TLS_method() and DTLS_method() should be used now
sreimers authored Jun 1, 2022
1 parent 6a294ed commit 12c130a
Showing 2 changed files with 7 additions and 30 deletions.
7 changes: 4 additions & 3 deletions include/re_tls.h
Expand Up @@ -15,10 +15,11 @@ typedef struct ssl_ctx_st SSL_CTX;

/** Defines the TLS method */
enum tls_method {
TLS_METHOD_SSLV23,
TLS_METHOD_DTLSV1,
TLS_METHOD_TLS,
TLS_METHOD_SSLV23, /* deprecated - fallback to TLS_METHOD_TLS */
TLS_METHOD_DTLS, /* DTLS 1.0 and 1.2 */
TLS_METHOD_DTLSV1_2, /* DTLS 1.2 */
TLS_METHOD_DTLSV1, /* deprecated - fallback to TLS_METHOD_DTLS */
TLS_METHOD_DTLSV1_2, /* deprecated - fallback to TLS_METHOD_DTLS */
};

enum tls_fingerprint {
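Review bot: Adding `TLS_METHOD_TLS` as the first enumerator renumbers the existing ones: `TLS_METHOD_SSLV23` moves from 0 to 1 and `TLS_METHOD_DTLSV1` from 1 to 3 (old order inferred from the rendered section, since the +/- markers are lost). A binary built against the old header and linked to the new library would then pass 1 meaning DTLS and, going by the switch in tls_alloc, receive a TLS context instead. If ABI stability of this header matters, keep the old values by appending the new name at the end or pinning them explicitly, e.g. `TLS_METHOD_SSLV23 = 0,`. The comment on `TLS_METHOD_DTLSV1_2` should also state that the fallback permits DTLS 1.0, e.g. `/* deprecated - falls back to TLS_METHOD_DTLS, which also allows DTLS 1.0 */`.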
30 changes: 3 additions & 27 deletions src/tls/openssl/tls.c
Expand Up @@ -205,40 +205,16 @@ int tls_alloc(struct tls **tlsp, enum tls_method method, const char *keyfile,
tls->verify_server = true;
switch (method) {

case TLS_METHOD_TLS:
case TLS_METHOD_SSLV23:
tls->ctx = SSL_CTX_new(SSLv23_method());
tls->ctx = SSL_CTX_new(TLS_method());
break;

#ifdef USE_OPENSSL_DTLS
case TLS_METHOD_DTLSV1:
#if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
!defined(LIBRESSL_VERSION_NUMBER)

tls->ctx = SSL_CTX_new(DTLS_method());
#else
tls->ctx = SSL_CTX_new(DTLSv1_method());
#endif
break;

#ifdef SSL_OP_NO_DTLSv1_2
/* DTLS v1.2 is available in OpenSSL 1.0.2 and later */

case TLS_METHOD_DTLS:
tls->ctx = SSL_CTX_new(DTLS_method());
break;

case TLS_METHOD_DTLSV1:
case TLS_METHOD_DTLSV1_2:
#if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
!defined(LIBRESSL_VERSION_NUMBER)

tls->ctx = SSL_CTX_new(DTLS_method());
#else
tls->ctx = SSL_CTX_new(DTLSv1_2_method());
#endif
break;
#endif

#endif

default:
DEBUG_WARNING("tls method %d not supported\n", method);
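Review bot: `case TLS_METHOD_DTLSV1_2:` now shares `SSL_CTX_new(DTLS_method())` with the other DTLS cases, so a caller that passed it to require DTLS 1.2 gets a context which, as far as this hunk shows, can also negotiate DTLS 1.0. On builds that previously took the `DTLSv1_2_method()` branch this silently lowers the protocol floor. Unless a minimum version is set later in tls_alloc (its body starts and ends outside the hunk), give that case its own arm and add `if (tls->ctx) SSL_CTX_set_min_proto_version(tls->ctx, DTLS1_2_VERSION);` after the context is created. A `DEBUG_WARNING` on the deprecated values would also let callers notice the fallback instead of discovering it on the wire.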