From 09a4760e6cbbda5c22c9935cfbfaadbae380056e Mon Sep 17 00:00:00 2001
From: Eduardo Chappa
Date: Thu, 23 May 2019 11:48:27 -0600
Subject: * Code to limit versions of the encryption protocol uses old calls, and not the new calls.
---
 imap/src/osdep/unix/ssl_unix.c | 16 ++++------------
 1 file changed, 4 insertions(+), 12 deletions(-)
(limited to 'imap/src')
diff --git a/imap/src/osdep/unix/ssl_unix.c b/imap/src/osdep/unix/ssl_unix.c
index 21bf55ee..2362cc03 100644
--- a/imap/src/osdep/unix/ssl_unix.c
+++ b/imap/src/osdep/unix/ssl_unix.c
@@ -333,6 +333,7 @@ static char *ssl_start_work (SSLSTREAM *stream,char *host,unsigned long flags)
 X509 *cert;
 unsigned long sl,tl;
 int min, max;
+ int masklow, maskhigh;
 char *s,*t,*err,tmp[MAILTMPLEN], buf[256];
 sslcertificatequery_t scq =
 (sslcertificatequery_t) mail_parameters (NIL,GET_SSLCERTIFICATEQUERY,NIL);
@@ -345,18 +346,9 @@ static char *ssl_start_work (SSLSTREAM *stream,char *host,unsigned long flags)
 if (!(stream->context = SSL_CTX_new (ssl_connect_mthd(flags, &min, &max))))
 return "SSL context failed";
 SSL_CTX_set_options (stream->context,0);
-#ifdef OPENSSL_1_1_0
- if(stream->context != NIL &&
- ((min != 0 && SSL_CTX_set_min_proto_version(stream->context, min) == 0) ||
- (max != 0 && SSL_CTX_set_max_proto_version(stream->context, max) == 0)))
- return "SSL set protocol version Failed";
-#else
- { int masklow, maskhigh;
- masklow = ssl_disable_mask(min, -1);
- maskhigh = ssl_disable_mask(max, 1);
- SSL_CTX_set_options(stream->context, masklow|maskhigh);
- }
-#endif /* OPENSSL_1_1_0 */
+ masklow = ssl_disable_mask(min, -1);
+ maskhigh = ssl_disable_mask(max, 1);
+ SSL_CTX_set_options(stream->context, masklow|maskhigh);
 /* disable certificate validation? */
 if (flags & NET_NOVALIDATECERT)
 SSL_CTX_set_verify (stream->context,SSL_VERIFY_NONE,NIL);
-- 
cgit v1.2.3-70-g09d2
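Review bot: The three added lines in the second hunk have no failure path for the protocol-version limit: the removed `OPENSSL_1_1_0` branch returned "SSL set protocol version Failed" when a bound could not be applied, whereas the result of `SSL_CTX_set_options` is discarded here, and that call only ORs option bits in and does not report errors. If `ssl_disable_mask` (defined outside this hunk) has no `SSL_OP_NO_*` bit for a requested version, the bound would presumably be dropped silently and the handshake could settle on a protocol version outside the configured range. OpenSSL documents the `SSL_OP_NO_*` protocol options as deprecated since 1.1.0 in favour of the min/max calls, so the reason for making the mask path unconditional belongs next to the code, e.g. `/* protocol bounds applied via SSL_OP_NO_* masks on every OpenSSL version because <reason>; ssl_disable_mask must cover each version min/max can name */`. It would also help if `ssl_disable_mask` could signal a version it cannot map, so this call site can return the error string the old branch used instead of continuing. The body of `ssl_start_work` starts before and continues after both hunks, so how `min` and `max` are populated by `ssl_connect_mthd` is not visible here.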