Merge pull request #5025 from DustPuppyNet/openssl_1_1_1

fix for connection with openssl 1.1.1
Bernhard Miklautz 2018-11-19 08:57:53 +00:00 committed by GitHub
commit 3eb46444e2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -650,6 +650,11 @@ static BOOL tls_prepare(rdpTls* tls, BIO* underlying, SSL_METHOD* method,
SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER | SSL_MODE_ENABLE_PARTIAL_WRITE);
SSL_CTX_set_options(tls->ctx, options);
SSL_CTX_set_read_ahead(tls->ctx, 1);
#if OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
SSL_CTX_set_min_proto_version(tls->ctx, TLS1_VERSION); /* min version */
SSL_CTX_set_max_proto_version(tls->ctx, 0); /* highest supported version by library */
#endif
#if OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
SSL_CTX_set_security_level(tls->ctx, settings->TlsSecLevel);
@ -840,6 +845,8 @@ int tls_connect(rdpTls* tls, BIO* underlying)
* support empty fragments. This needs to be disabled.
*/
options |= SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
/**
* disable SSLv2 and SSLv3
*/
@ -847,6 +854,9 @@ int tls_connect(rdpTls* tls, BIO* underlying)
options |= SSL_OP_NO_SSLv3;
if (!tls_prepare(tls, underlying, SSLv23_client_method(), options, TRUE))
#else
if (!tls_prepare(tls, underlying, TLS_client_method(), options, TRUE))
#endif
return FALSE;
#if !defined(OPENSSL_NO_TLSEXT) && !defined(LIBRESSL_VERSION_NUMBER)
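Review bot: The `SSL_CTX_set_min_proto_version` / `SSL_CTX_set_max_proto_version` calls in the tls_prepare hunk ignore their return values, and on OpenSSL 1.1.0+ the `#else` branch in tls_connect skips the `options |= SSL_OP_NO_SSLv3;` line, so the protocol floor on that path appears to rest on that one unchecked call. Both functions return 1 on success and 0 on failure, so I would fail the setup when the floor cannot be applied, e.g. `if (!SSL_CTX_set_min_proto_version(tls->ctx, TLS1_VERSION)) return FALSE;`, using whatever logging and cleanup tls_prepare already does on error (its body runs beyond the lines shown). A short comment would also help, such as `/* TLS 1.0 floor kept for compatibility with older RDP servers; 0 = no upper bound, library picks the highest version */`, if that is indeed the intent. The +/- markers are not visible on this page, so which lines are new is inferred from the hunk headers.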