imap-send: avoid deprecated TLSv1_method()

Use SSLv23_method always and disable SSL if needed. TLSv1_method() function is deprecated in OpenSSL 1.1.0 and the compiler emits a warning. SSLv23_method() is also deprecated, but the alternative, TLS_method(), is new in OpenSSL 1.1.0 so requires checking by configure. Stick to SSLv23_method() for now (this is aliased to TLS_method()). Signed-off-by: Kazuki Yamaguchi <k@rhe.jp> Signed-off-by: Junio C Hamano <gitster@pobox.com>
9 years ago · b51c0d4b4c
1 changed files with 4 additions and 5 deletions
--- a/imap-send.c
+++ b/imap-send.c
@ -287,11 +287,7 @@ static int ssl_socket_connect(struct imap_socket *sock, int use_tls_only, int ve
				@@ -287,11 +287,7 @@ static int ssl_socket_connect(struct imap_socket *sock, int use_tls_only, int ve
 	SSL_library_init();
 	SSL_load_error_strings();

-	if (use_tls_only)
-		meth = TLSv1_method();
-	else
-		meth = SSLv23_method();
-
+	meth = SSLv23_method();
 	if (!meth) {
 		ssl_socket_perror("SSLv23_method");
 		return -1;
@ -303,6 +299,9 @@ static int ssl_socket_connect(struct imap_socket *sock, int use_tls_only, int ve
				@@ -303,6 +299,9 @@ static int ssl_socket_connect(struct imap_socket *sock, int use_tls_only, int ve
 		return -1;
 	}

+	if (use_tls_only)
+		SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
+
 	if (verify)
 		SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);