author | Eduardo Chappa <chappa@washington.edu> | 2019-05-23 11:48:27 -0600 |
---|---|---|
committer | Eduardo Chappa <chappa@washington.edu> | 2019-05-23 11:48:27 -0600 |
commit | 09a4760e6cbbda5c22c9935cfbfaadbae380056e (patch) | |
tree | e7e38b0fbb6df05fb59ca833972fce37dd04032e /imap/src/osdep | |
parent | 74c603fbc6397e08b4914f535fcbc2361096bcf5 (diff) | |
download | alpine-09a4760e6cbbda5c22c9935cfbfaadbae380056e.tar.xz |
* Code to limit versions of the encryption protocol uses old calls,
and not the new calls.
Diffstat (limited to 'imap/src/osdep')
-rw-r--r-- | imap/src/osdep/unix/ssl_unix.c | 16 |
1 files changed, 4 insertions, 12 deletions
diff --git a/imap/src/osdep/unix/ssl_unix.c b/imap/src/osdep/unix/ssl_unix.c
index 21bf55ee..2362cc03 100644
--- a/imap/src/osdep/unix/ssl_unix.c
+++ b/imap/src/osdep/unix/ssl_unix.c
@@ -333,6 +333,7 @@ static char *ssl_start_work (SSLSTREAM *stream,char *host,unsigned long flags)
 X509 *cert;
 unsigned long sl,tl;
 int min, max;
+ int masklow, maskhigh;
 char *s,*t,*err,tmp[MAILTMPLEN], buf[256];
 sslcertificatequery_t scq = (sslcertificatequery_t)
 mail_parameters (NIL,GET_SSLCERTIFICATEQUERY,NIL);
@@ -345,18 +346,9 @@ static char *ssl_start_work (SSLSTREAM *stream,char *host,unsigned long flags)
 if (!(stream->context = SSL_CTX_new (ssl_connect_mthd(flags, &min, &max))))
 return "SSL context failed";
 SSL_CTX_set_options (stream->context,0);
-#ifdef OPENSSL_1_1_0
- if(stream->context != NIL &&
- ((min != 0 && SSL_CTX_set_min_proto_version(stream->context, min) == 0) ||
- (max != 0 && SSL_CTX_set_max_proto_version(stream->context, max) == 0)))
- return "SSL set protocol version Failed";
-#else
- { int masklow, maskhigh;
- masklow = ssl_disable_mask(min, -1);
- maskhigh = ssl_disable_mask(max, 1);
- SSL_CTX_set_options(stream->context, masklow|maskhigh);
- }
-#endif /* OPENSSL_1_1_0 */
+ masklow = ssl_disable_mask(min, -1);
+ maskhigh = ssl_disable_mask(max, 1);
+ SSL_CTX_set_options(stream->context, masklow|maskhigh);
 /* disable certificate validation? */
 if (flags & NET_NOVALIDATECERT)
 SSL_CTX_set_verify (stream->context,SSL_VERIFY_NONE,NIL); |
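Review bot: In the second hunk the configured minimum and maximum protocol versions are now enforced only through the option mask built by `ssl_disable_mask`, and the one path that failed closed (`return "SSL set protocol version Failed";`) is gone, so a bound the mask cannot express would be dropped silently. `ssl_disable_mask` is not visible here; if its table does not cover every protocol version the linked library can negotiate, a session could end up outside the configured range, so I would state that dependency in a comment above the three added lines, e.g. `/* version limits depend on ssl_disable_mask listing every protocol the library offers */`. The masks are also held in `int` (declared in the first hunk) while OpenSSL's options word is `unsigned long` from 1.1.0 on; `unsigned long masklow, maskhigh;` would match it, assuming `ssl_disable_mask` returns a compatible type. The `SSL_CTX_set_options (stream->context,0);` context line just above sets no bits and could carry a short comment saying why it is kept. `ssl_start_work` begins and ends outside both hunks.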