On 09/07/2017 01:14 AM, Daniel Stenberg wrote:
On Wed, 6 Sep 2017, Ben Greear wrote:
Is there a good fix for this warning, or do I just need to turn off strict
warnings?
...
vtls/openssl.c: In function ‘ossl_connect_step1’:
vtls/openssl.c:2091:5: warning: ‘SSLv3_client_method’ is deprecated
[-Wdeprecated-declarations]
req_method = SSLv3_client_method();
Your OpenSSL headers should define OPENSSL_NO_SSL3 so that libcurl won't try to
use SSLv3. When OPENSSL_NO_SSL3 is defined, there's no warning.
I think the warning you see serves its purpose exactly: it warns you that you
have SSLv3 enabled (and thus libcurl will get built to be able to use it).
There should be very little reason to have SSLv3 enabled in any software these
days.
[greearb@v-f26-64 openssl]$ grep NO_SSL3 *
ssl.h:# ifndef OPENSSL_NO_SSL3_METHOD
[greearb@v-f26-64 openssl]$ pwd
/usr/include/openssl
[greearb@v-f26-64 openssl]$
Anyway, I ended up editing the openssl include file to remove the deprecated
mark
from that method.
My use case is testing equipment/software, so it is probably better for me to
support using
a wide range of ssl just in case someone wants to test with it. Hopefully by
default it
will use something more recent.
Thanks,
Ben
--
Ben Greear <[email protected]>
Candela Technologies Inc http://www.candelatech.com
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
