mirror of
https://repo.or.cz/socat.git
synced 2024-12-22 15:32:35 +00:00
Disable option openssl-method
This commit is contained in:
Gerhard Rieger
parent
181228cf53
commit
14f3e4fed8
8 changed files with 56 additions and 12 deletions
6
CHANGES
6
CHANGES
|
|
@ -55,6 +55,12 @@ corrections:
|
||||||
TCP6:127.0.0.1:80
|
TCP6:127.0.0.1:80
|
||||||
Thanks to Nicolas Fournil for reporting this issue.
|
Thanks to Nicolas Fournil for reporting this issue.
|
||||||
|
|
||||||
|
porting:
|
||||||
|
OpenSSL functions TLS1_client_method() and similar are
|
||||||
|
deprecated. Socat now uses recommended TLS_client_method(). The old
|
||||||
|
functions and dependend option openssl-method can still be
|
||||||
|
used when configuring socat with --enable-openssl-method
|
||||||
|
|
||||||
testing:
|
testing:
|
||||||
test.sh: Show a warning when phase-1 (insecure phase) of a security
|
test.sh: Show a warning when phase-1 (insecure phase) of a security
|
||||||
test fails
|
test fails
|
||||||
|
|
|
||||||
|
|
@ -433,6 +433,10 @@
|
||||||
/* Define if you have the HAVE_SSL_CTX_set_default_verify_paths function */
|
/* Define if you have the HAVE_SSL_CTX_set_default_verify_paths function */
|
||||||
#undef HAVE_SSL_CTX_set_default_verify_paths
|
#undef HAVE_SSL_CTX_set_default_verify_paths
|
||||||
|
|
||||||
|
/* Define if you have the TLS client and server method functions. not in old openssl? */
|
||||||
|
#undef HAVE_TLS_client_method
|
||||||
|
#undef HAVE_TLS_server_method
|
||||||
|
|
||||||
/* Define if you have the SSLv3 client and server method functions. not in new openssl */
|
/* Define if you have the SSLv3 client and server method functions. not in new openssl */
|
||||||
#undef HAVE_SSLv3_client_method
|
#undef HAVE_SSLv3_client_method
|
||||||
#undef HAVE_SSLv3_server_method
|
#undef HAVE_SSLv3_server_method
|
||||||
|
|
@ -625,6 +629,7 @@
|
||||||
#undef WITH_PTY
|
#undef WITH_PTY
|
||||||
#undef WITH_EXT2
|
#undef WITH_EXT2
|
||||||
#undef WITH_OPENSSL
|
#undef WITH_OPENSSL
|
||||||
|
#undef WITH_OPENSSL_METHOD
|
||||||
#define WITH_STREAMS 1
|
#define WITH_STREAMS 1
|
||||||
#undef WITH_FIPS
|
#undef WITH_FIPS
|
||||||
#undef OPENSSL_FIPS
|
#undef OPENSSL_FIPS
|
||||||
|
|
|
||||||
14
configure.in
14
configure.in
|
|
@ -568,6 +568,16 @@ if test -n "$WITH_OPENSSL"; then
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if test -n "$WITH_OPENSSL"; then
|
||||||
|
AC_MSG_CHECKING(whether to include OpenSSL method option)
|
||||||
|
AC_ARG_ENABLE(openssl-method, [ --enable-openssl-method enable OpenSSL method option],
|
||||||
|
[case "$enableval" in
|
||||||
|
no) AC_MSG_RESULT(no);;
|
||||||
|
*) AC_DEFINE(WITH_OPENSSL_METHOD) WITH_OPENSSL_METHOD=1; AC_MSG_RESULT(yes);;
|
||||||
|
esac],
|
||||||
|
[AC_MSG_RESULT(no)])
|
||||||
|
fi
|
||||||
|
|
||||||
# check for fips support
|
# check for fips support
|
||||||
AC_MSG_CHECKING(whether to include openssl fips support)
|
AC_MSG_CHECKING(whether to include openssl fips support)
|
||||||
AC_ARG_ENABLE(fips, [ --enable-fips enable OpenSSL FIPS support],
|
AC_ARG_ENABLE(fips, [ --enable-fips enable OpenSSL FIPS support],
|
||||||
|
|
@ -1425,6 +1435,9 @@ AC_CHECK_FUNC(SSLv2_server_method, AC_DEFINE(HAVE_SSLv2_server_method), AC_CHECK
|
||||||
dnl
|
dnl
|
||||||
AC_CHECK_FUNC(SSL_CTX_set_default_verify_paths, AC_DEFINE(HAVE_SSL_CTX_set_default_verify_paths))
|
AC_CHECK_FUNC(SSL_CTX_set_default_verify_paths, AC_DEFINE(HAVE_SSL_CTX_set_default_verify_paths))
|
||||||
|
|
||||||
|
AC_CHECK_FUNC(TLS_client_method, AC_DEFINE(HAVE_TLS_client_method), AC_CHECK_LIB(crypt, TLS_client_method, [LIBS=-lcrypt $LIBS]))
|
||||||
|
AC_CHECK_FUNC(TLS_server_method, AC_DEFINE(HAVE_TLS_server_method), AC_CHECK_LIB(crypt, TLS_server_method, [LIBS=-lcrypt $LIBS]))
|
||||||
|
if test -n "$WITH_OPENSSL_METHOD"; then
|
||||||
AC_CHECK_FUNC(SSLv3_client_method, AC_DEFINE(HAVE_SSLv3_client_method), AC_CHECK_LIB(crypt, SSLv3_client_method, [LIBS=-lcrypt $LIBS]))
|
AC_CHECK_FUNC(SSLv3_client_method, AC_DEFINE(HAVE_SSLv3_client_method), AC_CHECK_LIB(crypt, SSLv3_client_method, [LIBS=-lcrypt $LIBS]))
|
||||||
AC_CHECK_FUNC(SSLv3_server_method, AC_DEFINE(HAVE_SSLv3_server_method), AC_CHECK_LIB(crypt, SSLv3_server_method, [LIBS=-lcrypt $LIBS]))
|
AC_CHECK_FUNC(SSLv3_server_method, AC_DEFINE(HAVE_SSLv3_server_method), AC_CHECK_LIB(crypt, SSLv3_server_method, [LIBS=-lcrypt $LIBS]))
|
||||||
AC_CHECK_FUNC(SSLv23_client_method, AC_DEFINE(HAVE_SSLv23_client_method), AC_CHECK_LIB(crypt, SSLv23_client_method, [LIBS=-lcrypt $LIBS]))
|
AC_CHECK_FUNC(SSLv23_client_method, AC_DEFINE(HAVE_SSLv23_client_method), AC_CHECK_LIB(crypt, SSLv23_client_method, [LIBS=-lcrypt $LIBS]))
|
||||||
|
|
@ -1437,6 +1450,7 @@ AC_CHECK_FUNC(TLSv1_2_client_method, AC_DEFINE(HAVE_TLSv1_2_client_method), AC_C
|
||||||
AC_CHECK_FUNC(TLSv1_2_server_method, AC_DEFINE(HAVE_TLSv1_2_server_method), AC_CHECK_LIB(crypt, TLSv1_2_server_method, [LIBS=-lcrypt $LIBS]))
|
AC_CHECK_FUNC(TLSv1_2_server_method, AC_DEFINE(HAVE_TLSv1_2_server_method), AC_CHECK_LIB(crypt, TLSv1_2_server_method, [LIBS=-lcrypt $LIBS]))
|
||||||
AC_CHECK_FUNC(DTLSv1_client_method, AC_DEFINE(HAVE_DTLSv1_client_method), AC_CHECK_LIB(crypt, DTLSv1_client_method, [LIBS=-lcrypt $LIBS]))
|
AC_CHECK_FUNC(DTLSv1_client_method, AC_DEFINE(HAVE_DTLSv1_client_method), AC_CHECK_LIB(crypt, DTLSv1_client_method, [LIBS=-lcrypt $LIBS]))
|
||||||
AC_CHECK_FUNC(DTLSv1_server_method, AC_DEFINE(HAVE_DTLSv1_server_method), AC_CHECK_LIB(crypt, DTLSv1_server_method, [LIBS=-lcrypt $LIBS]))
|
AC_CHECK_FUNC(DTLSv1_server_method, AC_DEFINE(HAVE_DTLSv1_server_method), AC_CHECK_LIB(crypt, DTLSv1_server_method, [LIBS=-lcrypt $LIBS]))
|
||||||
|
fi # $WITH_OPENSSL_METHOD
|
||||||
AC_CHECK_FUNC(RAND_egd, AC_DEFINE(HAVE_RAND_egd), AC_CHECK_LIB(crypt, RAND_egd, [LIBS=-lcrypt $LIBS]))
|
AC_CHECK_FUNC(RAND_egd, AC_DEFINE(HAVE_RAND_egd), AC_CHECK_LIB(crypt, RAND_egd, [LIBS=-lcrypt $LIBS]))
|
||||||
AC_CHECK_FUNC(DH_set0_pqg, AC_DEFINE(HAVE_DH_set0_pqg), AC_CHECK_LIB(crypt, DH_set0_pqg, [LIBS=-lcrypt $LIBS]))
|
AC_CHECK_FUNC(DH_set0_pqg, AC_DEFINE(HAVE_DH_set0_pqg), AC_CHECK_LIB(crypt, DH_set0_pqg, [LIBS=-lcrypt $LIBS]))
|
||||||
AC_CHECK_FUNC(ASN1_STRING_get0_data, AC_DEFINE(HAVE_ASN1_STRING_get0_data), AC_CHECK_LIB(crypt, ASN1_STRING_get0_data, [LIBS=-lcrypt $LIBS]))
|
AC_CHECK_FUNC(ASN1_STRING_get0_data, AC_DEFINE(HAVE_ASN1_STRING_get0_data), AC_CHECK_LIB(crypt, ASN1_STRING_get0_data, [LIBS=-lcrypt $LIBS]))
|
||||||
|
|
|
||||||
10
doc/socat.yo
10
doc/socat.yo
|
|
@ -506,7 +506,6 @@ label(ADDRESS_OPENSSL_CONNECT)dit(bf(tt(OPENSSL:<host>:<port>)))
|
||||||
Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4),link(IP6)(GROUP_IP6),link(TCP)(GROUP_TCP),link(OPENSSL)(GROUP_OPENSSL),link(RETRY)(GROUP_RETRY) nl()
|
Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4),link(IP6)(GROUP_IP6),link(TCP)(GROUP_TCP),link(OPENSSL)(GROUP_OPENSSL),link(RETRY)(GROUP_RETRY) nl()
|
||||||
Useful options:
|
Useful options:
|
||||||
link(cipher)(OPTION_OPENSSL_CIPHERLIST),
|
link(cipher)(OPTION_OPENSSL_CIPHERLIST),
|
||||||
link(method)(OPTION_OPENSSL_METHOD),
|
|
||||||
link(verify)(OPTION_OPENSSL_VERIFY),
|
link(verify)(OPTION_OPENSSL_VERIFY),
|
||||||
link(commonname)(OPTION_OPENSSL_COMMONNAME)
|
link(commonname)(OPTION_OPENSSL_COMMONNAME)
|
||||||
link(cafile)(OPTION_OPENSSL_CAFILE),
|
link(cafile)(OPTION_OPENSSL_CAFILE),
|
||||||
|
|
@ -535,7 +534,6 @@ label(ADDRESS_OPENSSL_LISTEN)dit(bf(tt(OPENSSL-LISTEN:<port>)))
|
||||||
Useful options:
|
Useful options:
|
||||||
link(pf)(OPTION_PROTOCOL_FAMILY),
|
link(pf)(OPTION_PROTOCOL_FAMILY),
|
||||||
link(cipher)(OPTION_OPENSSL_CIPHERLIST),
|
link(cipher)(OPTION_OPENSSL_CIPHERLIST),
|
||||||
link(method)(OPTION_OPENSSL_METHOD),
|
|
||||||
link(verify)(OPTION_OPENSSL_VERIFY),
|
link(verify)(OPTION_OPENSSL_VERIFY),
|
||||||
link(commonname)(OPTION_OPENSSL_COMMONNAME)
|
link(commonname)(OPTION_OPENSSL_COMMONNAME)
|
||||||
link(cafile)(OPTION_OPENSSL_CAFILE),
|
link(cafile)(OPTION_OPENSSL_CAFILE),
|
||||||
|
|
@ -2633,17 +2631,19 @@ label(OPTION_OPENSSL_CIPHERLIST)dit(bf(tt(cipher=<cipherlist>)))
|
||||||
Note that the peer must support the selected property, or the negotiation
|
Note that the peer must support the selected property, or the negotiation
|
||||||
will fail.
|
will fail.
|
||||||
label(OPTION_OPENSSL_METHOD)dit(bf(tt(method=<ssl-method>)))
|
label(OPTION_OPENSSL_METHOD)dit(bf(tt(method=<ssl-method>)))
|
||||||
|
This option is based on deprecated functions and is only available when
|
||||||
|
socat() was build with option tt(--with-openssl-method).
|
||||||
Sets the protocol version to be used. Valid strings (not case sensitive)
|
Sets the protocol version to be used. Valid strings (not case sensitive)
|
||||||
are:
|
are:
|
||||||
startdit()
|
startdit()
|
||||||
dit(tt(SSL2)) Select SSL protocol version 2.
|
dit(tt(SSL2)) Select SSL protocol version 2.
|
||||||
dit(tt(SSL3)) Select SSL protocol version 3.
|
dit(tt(SSL3)) Select SSL protocol version 3.
|
||||||
dit(tt(SSL23)) Select the best available SSL or TLS protocol. This is the default when
|
dit(tt(SSL23)) Select the best available SSL or TLS protocol.
|
||||||
this option is not provided.
|
|
||||||
dit(tt(TLS1)) Select TLS protocol version 1.
|
dit(tt(TLS1)) Select TLS protocol version 1.
|
||||||
dit(tt(TLS1.1)) Select TLS protocol version 1.1.
|
dit(tt(TLS1.1)) Select TLS protocol version 1.1.
|
||||||
dit(tt(TLS1.2)) Select TLS protocol version 1.2.
|
dit(tt(TLS1.2)) Select TLS protocol version 1.2.
|
||||||
dit(tt(DTLS1)) Select DTLS protocol version 1.
|
When this option is not provided OpenSSL negotiates the mothod with its
|
||||||
|
peer.
|
||||||
enddit()
|
enddit()
|
||||||
label(OPTION_OPENSSL_VERIFY)dit(bf(tt(verify=<bool>)))
|
label(OPTION_OPENSSL_VERIFY)dit(bf(tt(verify=<bool>)))
|
||||||
Controls check of the peer's certificate. Default is 1 (true). Disabling
|
Controls check of the peer's certificate. Default is 1 (true). Disabling
|
||||||
|
|
|
||||||
4
sslcls.c
4
sslcls.c
|
|
@ -91,6 +91,7 @@ const SSL_METHOD *sycSSLv23_server_method(void) {
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#if HAVE_TLSv1_client_method
|
||||||
const SSL_METHOD *sycTLSv1_client_method(void) {
|
const SSL_METHOD *sycTLSv1_client_method(void) {
|
||||||
const SSL_METHOD *result;
|
const SSL_METHOD *result;
|
||||||
Debug("TLSv1_client_method()");
|
Debug("TLSv1_client_method()");
|
||||||
|
|
@ -98,7 +99,9 @@ const SSL_METHOD *sycTLSv1_client_method(void) {
|
||||||
Debug1("TLSv1_client_method() -> %p", result);
|
Debug1("TLSv1_client_method() -> %p", result);
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#if HAVE_TLSv1_server_method
|
||||||
const SSL_METHOD *sycTLSv1_server_method(void) {
|
const SSL_METHOD *sycTLSv1_server_method(void) {
|
||||||
const SSL_METHOD *result;
|
const SSL_METHOD *result;
|
||||||
Debug("TLSv1_server_method()");
|
Debug("TLSv1_server_method()");
|
||||||
|
|
@ -106,6 +109,7 @@ const SSL_METHOD *sycTLSv1_server_method(void) {
|
||||||
Debug1("TLSv1_server_method() -> %p", result);
|
Debug1("TLSv1_server_method() -> %p", result);
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
#if HAVE_TLSv1_1_client_method
|
#if HAVE_TLSv1_1_client_method
|
||||||
const SSL_METHOD *sycTLSv1_1_client_method(void) {
|
const SSL_METHOD *sycTLSv1_1_client_method(void) {
|
||||||
|
|
|
||||||
14
test.sh
14
test.sh
|
|
@ -12411,14 +12411,17 @@ if ! eval $NUMCOND; then :;
|
||||||
elif ! testaddrs openssl >/dev/null; then
|
elif ! testaddrs openssl >/dev/null; then
|
||||||
$PRINTF "test $F_n $TEST... ${YELLOW}OPENSSL not available${NORMAL}\n" $N
|
$PRINTF "test $F_n $TEST... ${YELLOW}OPENSSL not available${NORMAL}\n" $N
|
||||||
numCANT=$((numCANT+1))
|
numCANT=$((numCANT+1))
|
||||||
|
elif ! socat -hhh |grep -q "^[[:space:]]*openssl-method[[:space:]]"; then
|
||||||
|
$PRINTF "test $F_n $TEST... ${YELLOW}Option openssl-method not available${NORMAL}\n" $N
|
||||||
|
numCANT=$((numCANT+1))
|
||||||
else
|
else
|
||||||
gentestcert testsrv
|
gentestcert testsrv
|
||||||
tf="$td/test$N.stdout"
|
tf="$td/test$N.stdout"
|
||||||
te="$td/test$N.stderr"
|
te="$td/test$N.stderr"
|
||||||
tdiff="$td/test$N.diff"
|
tdiff="$td/test$N.diff"
|
||||||
da="test$N $(date) $RANDOM"
|
da="test$N $(date) $RANDOM"
|
||||||
CMD0="$SOCAT $opts OPENSSL-LISTEN:$PORT,reuseaddr,method=$method,cert=testsrv.pem,verify=0 PIPE"
|
CMD0="$SOCAT $opts OPENSSL-LISTEN:$PORT,reuseaddr,openssl-method=$method,cert=testsrv.pem,verify=0 PIPE"
|
||||||
CMD1="$SOCAT $opts - OPENSSL-CONNECT:$LOCALHOST:$PORT,method=$method,verify=0"
|
CMD1="$SOCAT $opts - OPENSSL-CONNECT:$LOCALHOST:$PORT,opensslmethod=$method,verify=0"
|
||||||
printf "test $F_n $TEST... " $N
|
printf "test $F_n $TEST... " $N
|
||||||
if [ "$method" = DTLS1 -a "$(echo -e "$OPENSSL_VERSION\n1.0.2" |sort -V |tail -n 1)" = "$OPENSSL_VERSION_GOOD" ]; then
|
if [ "$method" = DTLS1 -a "$(echo -e "$OPENSSL_VERSION\n1.0.2" |sort -V |tail -n 1)" = "$OPENSSL_VERSION_GOOD" ]; then
|
||||||
$PRINTF "${YELLOW}might hang, skipping${NORMAL}\n"
|
$PRINTF "${YELLOW}might hang, skipping${NORMAL}\n"
|
||||||
|
|
@ -12468,14 +12471,17 @@ if ! eval $NUMCOND; then :;
|
||||||
elif ! testaddrs openssl >/dev/null; then
|
elif ! testaddrs openssl >/dev/null; then
|
||||||
$PRINTF "test $F_n $TEST... ${YELLOW}OPENSSL not available${NORMAL}\n" $N
|
$PRINTF "test $F_n $TEST... ${YELLOW}OPENSSL not available${NORMAL}\n" $N
|
||||||
numCANT=$((numCANT+1))
|
numCANT=$((numCANT+1))
|
||||||
|
elif ! socat -hhh |grep -q "^[[:space:]]*openssl-method[[:space:]]"; then
|
||||||
|
$PRINTF "test $F_n $TEST... ${YELLOW}Option openssl-method not available${NORMAL}\n" $N
|
||||||
|
numCANT=$((numCANT+1))
|
||||||
else
|
else
|
||||||
gentestcert testsrv
|
gentestcert testsrv
|
||||||
tf="$td/test$N.stdout"
|
tf="$td/test$N.stdout"
|
||||||
te="$td/test$N.stderr"
|
te="$td/test$N.stderr"
|
||||||
tdiff="$td/test$N.diff"
|
tdiff="$td/test$N.diff"
|
||||||
da="test$N $(date) $RANDOM"
|
da="test$N $(date) $RANDOM"
|
||||||
CMD0="$SOCAT $opts OPENSSL-LISTEN:$PORT,reuseaddr,method=$method,cert=testsrv.pem,verify=0 PIPE"
|
CMD0="$SOCAT $opts OPENSSL-LISTEN:$PORT,reuseaddr,openssl-method=$method,cert=testsrv.pem,verify=0 PIPE"
|
||||||
CMD1="$SOCAT $opts - OPENSSL-CONNECT:$LOCALHOST:$PORT,method=$method,verify=0"
|
CMD1="$SOCAT $opts - OPENSSL-CONNECT:$LOCALHOST:$PORT,openssl-method=$method,verify=0"
|
||||||
printf "test $F_n $TEST... " $N
|
printf "test $F_n $TEST... " $N
|
||||||
if [ "$method" = DTLS1 -a "$(echo -e "$OPENSSL_VERSION\n1.0.2" |sort -V |tail -n 1)" = "$OPENSSL_VERSION_GOOD" ]; then
|
if [ "$method" = DTLS1 -a "$(echo -e "$OPENSSL_VERSION\n1.0.2" |sort -V |tail -n 1)" = "$OPENSSL_VERSION_GOOD" ]; then
|
||||||
$PRINTF "${YELLOW}might hang, skipping${NORMAL}\n"
|
$PRINTF "${YELLOW}might hang, skipping${NORMAL}\n"
|
||||||
|
|
|
||||||
|
|
@ -101,7 +101,9 @@ const struct addrdesc addr_openssl_listen = {
|
||||||
|
|
||||||
/* both client and server */
|
/* both client and server */
|
||||||
const struct optdesc opt_openssl_cipherlist = { "openssl-cipherlist", "ciphers", OPT_OPENSSL_CIPHERLIST, GROUP_OPENSSL, PH_SPEC, TYPE_STRING, OFUNC_SPEC };
|
const struct optdesc opt_openssl_cipherlist = { "openssl-cipherlist", "ciphers", OPT_OPENSSL_CIPHERLIST, GROUP_OPENSSL, PH_SPEC, TYPE_STRING, OFUNC_SPEC };
|
||||||
|
#if WITH_OPENSSL_METHOD
|
||||||
const struct optdesc opt_openssl_method = { "openssl-method", "method", OPT_OPENSSL_METHOD, GROUP_OPENSSL, PH_SPEC, TYPE_STRING, OFUNC_SPEC };
|
const struct optdesc opt_openssl_method = { "openssl-method", "method", OPT_OPENSSL_METHOD, GROUP_OPENSSL, PH_SPEC, TYPE_STRING, OFUNC_SPEC };
|
||||||
|
#endif
|
||||||
const struct optdesc opt_openssl_verify = { "openssl-verify", "verify", OPT_OPENSSL_VERIFY, GROUP_OPENSSL, PH_SPEC, TYPE_BOOL, OFUNC_SPEC };
|
const struct optdesc opt_openssl_verify = { "openssl-verify", "verify", OPT_OPENSSL_VERIFY, GROUP_OPENSSL, PH_SPEC, TYPE_BOOL, OFUNC_SPEC };
|
||||||
const struct optdesc opt_openssl_certificate = { "openssl-certificate", "cert", OPT_OPENSSL_CERTIFICATE, GROUP_OPENSSL, PH_SPEC, TYPE_FILENAME, OFUNC_SPEC };
|
const struct optdesc opt_openssl_certificate = { "openssl-certificate", "cert", OPT_OPENSSL_CERTIFICATE, GROUP_OPENSSL, PH_SPEC, TYPE_FILENAME, OFUNC_SPEC };
|
||||||
const struct optdesc opt_openssl_key = { "openssl-key", "key", OPT_OPENSSL_KEY, GROUP_OPENSSL, PH_SPEC, TYPE_FILENAME, OFUNC_SPEC };
|
const struct optdesc opt_openssl_key = { "openssl-key", "key", OPT_OPENSSL_KEY, GROUP_OPENSSL, PH_SPEC, TYPE_FILENAME, OFUNC_SPEC };
|
||||||
|
|
@ -806,7 +808,9 @@ int
|
||||||
Error1("openssl-method=\"%s\": method unknown or not provided by library", me_str);
|
Error1("openssl-method=\"%s\": method unknown or not provided by library", me_str);
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
#if HAVE_SSLv23_client_method
|
#if HAVE_TLS_client_method
|
||||||
|
method = TLS_client_method();
|
||||||
|
#elif HAVE_SSLv23_client_method
|
||||||
method = sycSSLv23_client_method();
|
method = sycSSLv23_client_method();
|
||||||
#elif HAVE_TLSv1_2_client_method
|
#elif HAVE_TLSv1_2_client_method
|
||||||
method = sycTLSv1_2_client_method();
|
method = sycTLSv1_2_client_method();
|
||||||
|
|
@ -826,7 +830,6 @@ int
|
||||||
if (me_str != 0) {
|
if (me_str != 0) {
|
||||||
if (false) {
|
if (false) {
|
||||||
; /* for canonical reasons */
|
; /* for canonical reasons */
|
||||||
|
|
||||||
#if HAVE_SSLv2_server_method
|
#if HAVE_SSLv2_server_method
|
||||||
} else if (!strcasecmp(me_str, "SSL2")) {
|
} else if (!strcasecmp(me_str, "SSL2")) {
|
||||||
method = sycSSLv2_server_method();
|
method = sycSSLv2_server_method();
|
||||||
|
|
@ -859,7 +862,9 @@ int
|
||||||
Error1("openssl-method=\"%s\": method unknown or not provided by library", me_str);
|
Error1("openssl-method=\"%s\": method unknown or not provided by library", me_str);
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
#if HAVE_SSLv23_server_method
|
#if HAVE_TLS_server_method
|
||||||
|
method = TLS_server_method();
|
||||||
|
#elif HAVE_SSLv23_server_method
|
||||||
method = sycSSLv23_server_method();
|
method = sycSSLv23_server_method();
|
||||||
#elif HAVE_TLSv1_2_server_method
|
#elif HAVE_TLSv1_2_server_method
|
||||||
method = sycTLSv1_2_server_method();
|
method = sycTLSv1_2_server_method();
|
||||||
|
|
|
||||||
|
|
@ -879,7 +879,9 @@ const struct optname optionnames[] = {
|
||||||
#ifdef IP_ADD_MEMBERSHIP
|
#ifdef IP_ADD_MEMBERSHIP
|
||||||
IF_IP ("membership", &opt_ip_add_membership)
|
IF_IP ("membership", &opt_ip_add_membership)
|
||||||
#endif
|
#endif
|
||||||
|
#if WITH_OPENSSL_METHOD
|
||||||
IF_OPENSSL("method", &opt_openssl_method)
|
IF_OPENSSL("method", &opt_openssl_method)
|
||||||
|
#endif
|
||||||
IF_TERMIOS("min", &opt_vmin)
|
IF_TERMIOS("min", &opt_vmin)
|
||||||
IF_ANY ("mode", &opt_perm)
|
IF_ANY ("mode", &opt_perm)
|
||||||
#ifdef TCP_MAXSEG
|
#ifdef TCP_MAXSEG
|
||||||
|
|
@ -1109,7 +1111,9 @@ const struct optname optionnames[] = {
|
||||||
IF_OPENSSL("openssl-fips", &opt_openssl_fips)
|
IF_OPENSSL("openssl-fips", &opt_openssl_fips)
|
||||||
#endif
|
#endif
|
||||||
IF_OPENSSL("openssl-key", &opt_openssl_key)
|
IF_OPENSSL("openssl-key", &opt_openssl_key)
|
||||||
|
#if WITH_OPENSSL_METHOD
|
||||||
IF_OPENSSL("openssl-method", &opt_openssl_method)
|
IF_OPENSSL("openssl-method", &opt_openssl_method)
|
||||||
|
#endif
|
||||||
IF_OPENSSL("openssl-pseudo", &opt_openssl_pseudo)
|
IF_OPENSSL("openssl-pseudo", &opt_openssl_pseudo)
|
||||||
IF_OPENSSL("openssl-verify", &opt_openssl_verify)
|
IF_OPENSSL("openssl-verify", &opt_openssl_verify)
|
||||||
IF_TERMIOS("opost", &opt_opost)
|
IF_TERMIOS("opost", &opt_opost)
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue