summaryrefslogtreecommitdiff
path: root/imap/src
diff options
context:
space:
mode:
Diffstat (limited to 'imap/src')
-rw-r--r--imap/src/osdep/unix/ssl_unix.c25
1 files changed, 25 insertions, 0 deletions
diff --git a/imap/src/osdep/unix/ssl_unix.c b/imap/src/osdep/unix/ssl_unix.c
index 2362cc03..04da2d34 100644
--- a/imap/src/osdep/unix/ssl_unix.c
+++ b/imap/src/osdep/unix/ssl_unix.c
@@ -248,18 +248,43 @@ const SSL_METHOD *ssl_connect_mthd(int flag, int *min, int *max)
if(client_request < *min || client_request > *max)
return NIL; /* out of range? bail out */
+ /* Some Linux distributors seem to believe that it is ok to disable some of
+ * these methods for their users, so we have to test that every requested
+ * method has actually been compiled in into their openssl/libressl library.
+ * Oh well...
+ */
#ifndef OPENSSL_1_1_0
if(client_request == SSL3_VERSION)
+#ifndef OPENSSL_NO_SSL3_METHOD
return SSLv3_client_method();
+#else
+ return NIL;
+#endif /* OPENSSL_NO_SSL3_METHOD */
else if(client_request == TLS1_VERSION)
+#ifndef OPENSSL_NO_TLS1_METHOD
return TLSv1_client_method();
+#else
+ return NIL;
+#endif /* OPENSSL_NO_TLS1_METHOD */
else if(client_request == TLS1_1_VERSION)
+#ifndef OPENSSL_NO_TLS1_1_METHOD
return TLSv1_1_client_method();
+#else
+ return NIL;
+#endif /* OPENSSL_NO_TLS1_1_METHOD */
else if(client_request == TLS1_2_VERSION)
+#ifndef OPENSSL_NO_TLS1_2_METHOD
return TLSv1_2_client_method();
+#else
+ return NIL;
+#endif /* OPENSSL_NO_TLS1_2_METHOD */
#ifdef TLS1_3_VERSION /* this is only reachable if TLS1_3 support exists */
else if(client_request == TLS1_3_VERSION)
+#ifndef OPENSSL_NO_TLS1_3_METHOD
return TLS_client_method();
+#else
+ return NIL;
+#endif /* #ifndef OPENSSL_NO_TLS1_2_METHOD */
#endif /* TLS1_3_VERSION */
#endif /* ifndef OPENSSL_1_1_0 */