[minion-cvs] Backport TLS fix fix.
Update of /home/minion/cvsroot/src/minion/src
In directory moria.mit.edu:/tmp/cvs-serv17908/src
Modified Files:
Tag: mixminion-v0-0-5-patches
tls.c
Log Message:
Backport TLS fix fix.
Index: tls.c
===================================================================
RCS file: /home/minion/cvsroot/src/minion/src/tls.c,v
retrieving revision 1.26.2.3
retrieving revision 1.26.2.4
diff -u -d -r1.26.2.3 -r1.26.2.4
--- tls.c 19 Oct 2003 04:06:19 -0000 1.26.2.3
+++ tls.c 27 Oct 2003 13:23:05 -0000 1.26.2.4
@@ -1,4 +1,4 @@
-/* Copyright (c) 2002 Nick Mathewson. See LICENSE for licensing information */
+/* Copyright (c) 2002-2003 Nick Mathewson. See LICENSE for licensing information */
/* $Id$ */
#include "_minionlib.h"
@@ -122,6 +122,7 @@
mm_RSA *rsa = NULL;
int err = 0;
+ SSL_METHOD *method = NULL;
SSL_CTX *ctx = NULL;
DH *dh = NULL;
BIO *bio = NULL;
@@ -138,11 +139,20 @@
Py_BEGIN_ALLOW_THREADS;
+ if (certfile) {
+ /* Accept SSL2 and SSL3 and TLS1. */
+ method = SSLv23_method();
+ } else {
+ /* Generate only TLS1. */
+ method = TLSv1_method();
+ }
/* Allow SSL2 and SSL3 and TLS1 */
- if (!(ctx = SSL_CTX_new(TLSv1_method())))
+ if (!(ctx = SSL_CTX_new(method)))
err = 1;
/* But not actually SSL2. */
- SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);
+ if (certfile) {
+ SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);
+ }
if (!err && !SSL_CTX_set_cipher_list(ctx,
TLS1_TXT_DHE_RSA_WITH_AES_128_SHA))
err = 1;
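Review bot: The guarded `SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2)` call still runs when `SSL_CTX_new(method)` has failed and set `err = 1`, so on the server path (`certfile` set) it is handed a NULL `ctx`; the condition should be `if (!err && certfile) {`, matching the `!err &&` guard on the cipher-list call just below. The comment `/* Allow SSL2 and SSL3 and TLS1 */` above `SSL_CTX_new` is now stale, because the method is chosen earlier and the client path is TLS1-only; I would replace it with `/* Create the context for the chosen method. */`. With `SSLv23_method()` and only `SSL_OP_NO_SSLv2` set, a server context will presumably still negotiate SSL3; if only the v2-compatible hello is wanted, OR in `SSL_OP_NO_SSLv3` as well. The enclosing function starts and ends outside this hunk.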