Use SSLv23_method always and disable SSL if needed. TLSv1_method() function is deprecated in OpenSSL 1.1.0 and the compiler emits a warning.
SSLv23_method() is also deprecated, but the alternative, TLS_method(), is new in OpenSSL 1.1.0 so requires checking by configure. Stick to SSLv23_method() for now (this is aliased to TLS_method()). Signed-off-by: Kazuki Yamaguchi <[email protected]> --- imap-send.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/imap-send.c b/imap-send.c index c5e24a35491d..f53380562c4d 100644 --- a/imap-send.c +++ b/imap-send.c @@ -287,11 +287,7 @@ static int ssl_socket_connect(struct imap_socket *sock, int use_tls_only, int ve SSL_library_init(); SSL_load_error_strings(); - if (use_tls_only) - meth = TLSv1_method(); - else - meth = SSLv23_method(); - + meth = SSLv23_method(); if (!meth) { ssl_socket_perror("SSLv23_method"); return -1; @@ -303,6 +299,9 @@ static int ssl_socket_connect(struct imap_socket *sock, int use_tls_only, int ve return -1; } + if (use_tls_only) + SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3); + if (verify) SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL); -- 2.8.1.104.g0d1aca6 -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html
