
[minion-cvs] Stopgap fix to earlier bugfix.



Update of /home/minion/cvsroot/src/minion/src
In directory moria.mit.edu:/tmp/cvs-serv20020/src

Modified Files:
      Tag: mixminion-v0-0-5-patches
	tls.c 
Log Message:
Stopgap fix to earlier bugfix.

It seems that the *method() calls in OpenSSL are not as versatile as I
hoped, and that a TLSv1 server (all existing servers!) will not talk
to an SSL23 client (oops!).

[SSL23 means "connect with ssl2, ssl3, or tls1."  We disable SSL2.]

The right solution is to make all code continue to use TLSv1 for
clients, and use SSL23 for servers (which the clients can force into
TLSv1 more).  With 0.0.7, we can make the clients go SSL23 as well.



Index: tls.c
===================================================================
RCS file: /home/minion/cvsroot/src/minion/src/tls.c,v
retrieving revision 1.26.2.2
retrieving revision 1.26.2.3
diff -u -d -r1.26.2.2 -r1.26.2.3
--- tls.c	17 Oct 2003 13:28:03 -0000	1.26.2.2
+++ tls.c	19 Oct 2003 04:06:19 -0000	1.26.2.3
@@ -139,7 +139,7 @@
         Py_BEGIN_ALLOW_THREADS;
 
         /* Allow SSL2 and SSL3 and TLS1 */
-        if (!(ctx = SSL_CTX_new(SSLv23_method())))
+        if (!(ctx = SSL_CTX_new(TLSv1_method())))
                 err = 1;
         /* But not actually SSL2. */
         SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);
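Review bot: The comment "Allow SSL2 and SSL3 and TLS1" directly above the changed line no longer matches the code, since the context is now created with TLSv1_method(); update it to say that this is TLSv1 only and why (the stopgap described in the log message), so the next reader does not assume version negotiation happens here. The "But not actually SSL2" comment and the SSL_OP_NO_SSLv2 option are likewise redundant with a TLSv1-only method; either drop them or note that they are kept for the planned return to SSLv23_method(). Separately, in the unchanged context, SSL_CTX_set_options(ctx, ...) runs even when SSL_CTX_new() failed and err was set, so ctx can be NULL at that call; guard it with the err check. The log message says servers should use SSL23 while clients stay on TLSv1, but this hunk switches the one visible call site unconditionally, so it is worth confirming in the comment which role this context serves.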