aniani/icecast-server
1
0
Fork 0
mirror of https://gitlab.xiph.org/xiph/icecast-server.git synced 2024-12-04 14:46:30 -05:00
Code

Merge branch 'openssl-fixups'

Browse Source
This commit is contained in:
Philipp Schafft 2019-04-24 17:22:37 +00:00
commit 7aaf0c0e86
1 changed files with 22 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
src/tls.c
View File

@ -56,22 +56,23 @@ struct tls_tag {
void tls_initialize(void)
{
#if OPENSSL_VERSION_NUMBER < 0x10100000L
SSL_load_error_strings(); /* readable error messages */
SSL_library_init(); /* initialize library */
#endif
}
void tls_shutdown(void)
{
#if OPENSSL_VERSION_NUMBER < 0x10100000L
ERR_free_strings();
#endif
}
tls_ctx_t *tls_ctx_new(const char *cert_file, const char *key_file, const char *cipher_list)
{
tls_ctx_t *ctx;
#if OPENSSL_VERSION_NUMBER < 0x1000114fL
SSL_METHOD *method;
#else
const SSL_METHOD *method;
#endif
long ssl_opts;
long ssl_opts = 0;
if (!cert_file || !key_file || !cipher_list)
return NULL;
@ -80,18 +81,26 @@ tls_ctx_t *tls_ctx_new(const char *cert_file, const char *key_file, const char *
if (!ctx)
return NULL;
method = SSLv23_server_method();
ctx->refc = 1;
ctx->ctx = SSL_CTX_new(method);
ssl_opts = SSL_CTX_get_options(ctx->ctx);
#ifdef SSL_OP_NO_COMPRESSION
SSL_CTX_set_options(ctx->ctx, ssl_opts|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_COMPRESSION);
#if OPENSSL_VERSION_NUMBER < 0x10100000L
ctx->ctx = SSL_CTX_new(SSLv23_server_method());
ssl_opts = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3; // Disable SSLv2 and SSLv3
#else
SSL_CTX_set_options(ctx->ctx, ssl_opts|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3);
ctx->ctx = SSL_CTX_new(TLS_server_method());
SSL_CTX_set_min_proto_version(ctx->ctx, TLS1_VERSION);
#endif
#ifdef SSL_OP_NO_COMPRESSION
ssl_opts |= SSL_OP_NO_COMPRESSION; // Never use compression
#endif
/* Even though this function is called set, it adds the
* flags to the already existing flags (possibly default
* flags already set by OpenSSL)!
* Calling SSL_CTX_get_options is not needed here, therefore.
*/
SSL_CTX_set_options(ctx->ctx, ssl_opts);
do {
if (SSL_CTX_use_certificate_chain_file(ctx->ctx, cert_file) <= 0) {
ICECAST_LOG_WARN("Invalid cert file %s", cert_file);