Hi,
This is a minor fix, but the SSL_CTX_set_options() and
SSL_CTX_set_mode() functions take a long, not an int parameter. As
SSL_OP_ALL is now (since OpenSSL 1.0.0) defined as 0x8BFFL, I think
it is worth fixing.
Best regards,
--
Rémi Gacogne
Aqua Ray
SAS au capital de 105.720 Euros
RCS Créteil 447 997 099
www.aquaray.fr
14, rue Jules Vanzuppe
94854 IVRY-SUR-SEINE CEDEX (France)
Tel : (+33) (0)1 84 04 04 05
Fax : (+33) (0)1 77 65 60 42
From 1d0a3584b181412e12e993f531b3fd3303fc4600 Mon Sep 17 00:00:00 2001
From: Remi Gacogne rgacogne[at]aquaray[dot]fr
Date: Mon, 19 May 2014 10:29:58 +0200
Subject: [PATCH] SSL_CTX_set_options() and SSL_CTX_set_mode() take a long, not
an int
---
src/ssl_sock.c | 8
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index fd0b41f..880e727 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -728,7 +728,7 @@ int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, SSL_CTX *ctx, struct proxy
{
int cfgerr = 0;
int verify = SSL_VERIFY_NONE;
- int ssloptions =
+ long ssloptions =
SSL_OP_ALL | /* all known workarounds for bugs */
SSL_OP_NO_SSLv2 |
SSL_OP_NO_COMPRESSION |
@@ -736,7 +736,7 @@ int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, SSL_CTX *ctx, struct proxy
SSL_OP_SINGLE_ECDH_USE |
SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION |
SSL_OP_CIPHER_SERVER_PREFERENCE;
- int sslmode =
+ long sslmode =
SSL_MODE_ENABLE_PARTIAL_WRITE |
SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
SSL_MODE_RELEASE_BUFFERS;
@@ -995,11 +995,11 @@ static int ssl_sock_srv_verifycbk(int ok, X509_STORE_CTX *ctx)
int ssl_sock_prepare_srv_ctx(struct server *srv, struct proxy *curproxy)
{
int cfgerr = 0;
- int options =
+ long options =
SSL_OP_ALL | /* all known workarounds for bugs */
SSL_OP_NO_SSLv2 |
SSL_OP_NO_COMPRESSION;
- int mode =
+ long mode =
SSL_MODE_ENABLE_PARTIAL_WRITE |
SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
SSL_MODE_RELEASE_BUFFERS;
--
1.9.3
signature.asc
Description: OpenPGP digital signature
