Fossil SCM

Disable SSLv2 in HTTPS client. This version of the protocol is considered insecure and has been deprecated; all modern browsers disable it.

dmitry 2011-09-24 01:39 trunk

Commit ea1d369d23c68f79fd65be999d6a57632404704c

Parent 1f498a6ef26bb81…

1 file changed +2

M src/http_ssl.c

		--- src/http_ssl.c
		+++ src/http_ssl.c
		@@ -104,10 +104,12 @@
104	104	SSL_library_init();
105	105	SSL_load_error_strings();
106	106	ERR_load_BIO_strings();
107	107	OpenSSL_add_all_algorithms();
108	108	sslCtx = SSL_CTX_new(SSLv23_client_method());
	109	+ /* Disable SSLv2 */
	110	+ SSL_CTX_set_options(sslCtx, SSL_OP_NO_SSLv2);
109	111
110	112	/* Set up acceptable CA root certificates */
111	113	zCaSetting = db_get("ssl-ca-location", 0);
112	114	if( zCaSetting==0 \|\| zCaSetting[0]=='\0' ){
113	115	/* CA location not specified, use platform's default certificate store */
114	116

	--- src/http_ssl.c
	+++ src/http_ssl.c
	@@ -104,10 +104,12 @@
104	SSL_library_init();
105	SSL_load_error_strings();
106	ERR_load_BIO_strings();
107	OpenSSL_add_all_algorithms();
108	sslCtx = SSL_CTX_new(SSLv23_client_method());


109
110	/* Set up acceptable CA root certificates */
111	zCaSetting = db_get("ssl-ca-location", 0);
112	if( zCaSetting==0 \|\| zCaSetting[0]=='\0' ){
113	/* CA location not specified, use platform's default certificate store */
114

	--- src/http_ssl.c
	+++ src/http_ssl.c
	@@ -104,10 +104,12 @@
104	SSL_library_init();
105	SSL_load_error_strings();
106	ERR_load_BIO_strings();
107	OpenSSL_add_all_algorithms();
108	sslCtx = SSL_CTX_new(SSLv23_client_method());
109	/* Disable SSLv2 */
110	SSL_CTX_set_options(sslCtx, SSL_OP_NO_SSLv2);
111
112	/* Set up acceptable CA root certificates */
113	zCaSetting = db_get("ssl-ca-location", 0);
114	if( zCaSetting==0 \|\| zCaSetting[0]=='\0' ){
115	/* CA location not specified, use platform's default certificate store */
116