Use SSLv23_method always and disable SSL if needed.
TLSv1_method() function is deprecated in OpenSSL 1.1.0 and the compiler
emits a warning.
SSLv23_method() is also deprecated, but the alternative, TLS_method(),
is new in OpenSSL 1.1.0 so requires checking by configure. Stick to
SSLv23_method() for now (this is aliased to TLS_method()).
Signed-off-by: Kazuki Yamaguchi <k@xxxxxx>
---
imap-send.c | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/imap-send.c b/imap-send.c
index c5e24a35491d..f53380562c4d 100644
--- a/imap-send.c
+++ b/imap-send.c
@@ -287,11 +287,7 @@ static int ssl_socket_connect(struct imap_socket *sock, int use_tls_only, int ve
SSL_library_init();
SSL_load_error_strings();
- if (use_tls_only)
- meth = TLSv1_method();
- else
- meth = SSLv23_method();
-
+ meth = SSLv23_method();
if (!meth) {
ssl_socket_perror("SSLv23_method");
return -1;
@@ -303,6 +299,9 @@ static int ssl_socket_connect(struct imap_socket *sock, int use_tls_only, int ve
return -1;
}
+ if (use_tls_only)
+ SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
+
if (verify)
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
--
2.8.1.104.g0d1aca6
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html