summaryrefslogtreecommitdiff
path: root/imap/src
diff options
context:
space:
mode:
authorEduardo Chappa <chappa@washington.edu>2019-05-23 11:48:27 -0600
committerEduardo Chappa <chappa@washington.edu>2019-05-23 11:48:27 -0600
commit09a4760e6cbbda5c22c9935cfbfaadbae380056e (patch)
treee7e38b0fbb6df05fb59ca833972fce37dd04032e /imap/src
parent74c603fbc6397e08b4914f535fcbc2361096bcf5 (diff)
downloadalpine-09a4760e6cbbda5c22c9935cfbfaadbae380056e.tar.xz
* Code to limit versions of the encryption protocol uses old calls,
and not the new calls.
Diffstat (limited to 'imap/src')
-rw-r--r--imap/src/osdep/unix/ssl_unix.c16
1 files changed, 4 insertions, 12 deletions
diff --git a/imap/src/osdep/unix/ssl_unix.c b/imap/src/osdep/unix/ssl_unix.c
index 21bf55ee..2362cc03 100644
--- a/imap/src/osdep/unix/ssl_unix.c
+++ b/imap/src/osdep/unix/ssl_unix.c
@@ -333,6 +333,7 @@ static char *ssl_start_work (SSLSTREAM *stream,char *host,unsigned long flags)
X509 *cert;
unsigned long sl,tl;
int min, max;
+ int masklow, maskhigh;
char *s,*t,*err,tmp[MAILTMPLEN], buf[256];
sslcertificatequery_t scq =
(sslcertificatequery_t) mail_parameters (NIL,GET_SSLCERTIFICATEQUERY,NIL);
@@ -345,18 +346,9 @@ static char *ssl_start_work (SSLSTREAM *stream,char *host,unsigned long flags)
if (!(stream->context = SSL_CTX_new (ssl_connect_mthd(flags, &min, &max))))
return "SSL context failed";
SSL_CTX_set_options (stream->context,0);
-#ifdef OPENSSL_1_1_0
- if(stream->context != NIL &&
- ((min != 0 && SSL_CTX_set_min_proto_version(stream->context, min) == 0) ||
- (max != 0 && SSL_CTX_set_max_proto_version(stream->context, max) == 0)))
- return "SSL set protocol version Failed";
-#else
- { int masklow, maskhigh;
- masklow = ssl_disable_mask(min, -1);
- maskhigh = ssl_disable_mask(max, 1);
- SSL_CTX_set_options(stream->context, masklow|maskhigh);
- }
-#endif /* OPENSSL_1_1_0 */
+ masklow = ssl_disable_mask(min, -1);
+ maskhigh = ssl_disable_mask(max, 1);
+ SSL_CTX_set_options(stream->context, masklow|maskhigh);
/* disable certificate validation? */
if (flags & NET_NOVALIDATECERT)
SSL_CTX_set_verify (stream->context,SSL_VERIFY_NONE,NIL);