Changeset 37358 in project


Timestamp:
03/11/19 17:56:43 (12 days ago)
Author:
wasamasa
Message:

Drop SSLv2/v3 support

File:
1 edited

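--- a/release/5/openssl/trunk/openssl.scm
+++ b/release/5/openssl/trunk/openssl.scm
@@ -178,12 +178,14 @@
            "return(ctx);\n")
           (case protocol
-            ((sslv2-or-v3)
-             (if server
-                 ((foreign-lambda c-pointer "SSLv23_server_method"))
-                 ((foreign-lambda c-pointer "SSLv23_client_method"))))
-            ((sslv3)
-             (if server
-                 ((foreign-lambda c-pointer "SSLv3_server_method"))
-                 ((foreign-lambda c-pointer "SSLv3_client_method"))))
+            ((sslv2-or-v3 sslv3)
+             (abort
+              (make-composite-condition
+               (make-property-condition
+                'exn
+                'message "obsolete SSL connection protocol"
+                'location 'ssl-ctx-new
+                'arguments (list protocol))
+               (make-property-condition
+                'type))))
             ((tls tlsv1)
              (if server
@@ -597,5 +599,5 @@
   (context ssl-unwrap-client-context))
 
-(define (ssl-make-client-context #!optional (protocol 'sslv2-or-v3))
+(define (ssl-make-client-context #!optional (protocol 'tls))
   (ssl-wrap-client-context (ssl-ctx-new protocol #f)))
 
@@ -606,5 +608,5 @@
 
 ;; connect to SSL server
-(define (ssl-connect hostname #!optional port (ctx 'sslv2-or-v3) sni-name)
+(define (ssl-connect hostname #!optional port (ctx 'tls) sni-name)
   (let* ((ctx
           (if (ssl-client-context? ctx)
@@ -665,5 +667,5 @@
                     tcp-read-timeout tcp-write-timeout)))))
 
-(define (ssl-listen port #!optional (backlog 4) (hostname #f) (protocol 'sslv2-or-v3))
+(define (ssl-listen port #!optional (backlog 4) (hostname #f) (protocol 'tls))
   (ssl-wrap-listener
    (ssl-ctx-new protocol #t)
@@ -796,5 +798,5 @@
                (ssl-unwrap-context obj))
              1)
-      (ssl-abort 'ssl-load-verify-root-certificates! #f pathname dirname)))
+      (ssl-abort 'ssl-load-verify-root-certificates! #f pathname dirname))
     (unless (eq?
              ((foreign-lambda
@@ -802,5 +804,5 @@
               (ssl-unwrap-context obj) pathname dirname)
              1)
-      (ssl-abort 'ssl-load-verify-root-certificates! #f pathname dirname)))
+      (ssl-abort 'ssl-load-verify-root-certificates! #f pathname dirname))))
 
 ;; load suggested root certificates into SSL context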
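Review bot: The new default `'tls` is handled by the same `case` clause as `'tlsv1` in `ssl-ctx-new` (`((tls tlsv1)`), so the default for `ssl-make-client-context`, `ssl-connect` and `ssl-listen` may now be pinned to TLS 1.0; the clause body lies outside the visible lines, so this needs confirming. Despite the name, `SSLv23_client_method` and `SSLv23_server_method` are OpenSSL's version-flexible methods, and the removed `sslv2-or-v3` clause was the only visible path that negotiated the highest version both peers support. If `'tls` does select a fixed TLS 1.0 method, give it its own clause that keeps the flexible method and disable the legacy protocols on the context with `SSL_OP_NO_SSLv2` and `SSL_OP_NO_SSLv3`, with a comment such as `;; 'tls negotiates the highest common TLS version; SSLv2/SSLv3 are disabled via context options`. Callers that still pass `'sslv2-or-v3` or `'sslv3` now get an `(exn type)` condition at context creation, which deserves a line in the egg documentation.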