[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Lynx-dev] SSLv23 method gone now
|
From: |
Thorsten Glaser |
|
Subject: |
Re: [Lynx-dev] SSLv23 method gone now |
|
Date: |
Tue, 19 May 2015 15:04:57 +0000 (UTC) |
Gisle Vanem dixit:
> +#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
No. The change is not a property of the version number.
I have OpenSSL 0.9.7 (plus patches…) without SSLv{2,3}.
Index: HTTP.c
===================================================================
RCS file: /cvs/src/gnu/usr.bin/lynx/WWW/Library/Implementation/HTTP.c,v
retrieving revision 1.26
retrieving revision 1.27
diff -u -p -r1.26 -r1.27
--- HTTP.c 13 Mar 2014 04:46:43 -0000 1.26
+++ HTTP.c 4 Jan 2015 22:24:27 -0000 1.27
@@ -124,7 +124,11 @@ SSL *HTGetSSLHandle(void)
ssl_opts &= ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
#endif
SSLeay_add_ssl_algorithms();
+#if defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3)
+ ssl_ctx = SSL_CTX_new(TLSv1_client_method());
+#else
ssl_ctx = SSL_CTX_new(SSLv23_client_method());
+#endif
SSL_CTX_set_options(ssl_ctx, ssl_opts);
SSL_CTX_set_default_verify_paths(ssl_ctx);
SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, HTSSLCallback);
This should do the trick.
bye,
//mirabilos
--
(gnutls can also be used, but if you are compiling lynx for your own use,
there is no reason to consider using that package)
-- Thomas E. Dickey on the Lynx mailing list, about OpenSSL