Changeset View
Changeset View
Standalone View
Standalone View
lib/libfetch/common.c
Show First 20 Lines • Show All 1,198 Lines • ▼ Show 20 Lines | ||||||||||
int | int | |||||||||
fetch_ssl(conn_t *conn, const struct url *URL, int verbose) | fetch_ssl(conn_t *conn, const struct url *URL, int verbose) | |||||||||
{ | { | |||||||||
#ifdef WITH_SSL | #ifdef WITH_SSL | |||||||||
int ret, ssl_err; | int ret, ssl_err; | |||||||||
X509_NAME *name; | X509_NAME *name; | |||||||||
char *str; | char *str; | |||||||||
#if OPENSSL_VERSION_NUMBER < 0x10100000L | ||||||||||
/* Init the SSL library and context */ | /* Init the SSL library and context */ | |||||||||
if (!SSL_library_init()){ | if (!SSL_library_init()){ | |||||||||
fprintf(stderr, "SSL library init failed\n"); | fprintf(stderr, "SSL library init failed\n"); | |||||||||
return (-1); | return (-1); | |||||||||
} | } | |||||||||
SSL_load_error_strings(); | SSL_load_error_strings(); | |||||||||
#endif | ||||||||||
ngie: Does it make sense punting this no-op code forward instead of deleting it, given that supported… | ||||||||||
conn->ssl_meth = SSLv23_client_method(); | conn->ssl_meth = SSLv23_client_method(); | |||||||||
Not Done Inline Actions
This is the newer/non-deprecated name. ngie: This is the newer/non-deprecated name. | ||||||||||
conn->ssl_ctx = SSL_CTX_new(conn->ssl_meth); | conn->ssl_ctx = SSL_CTX_new(conn->ssl_meth); | |||||||||
SSL_CTX_set_mode(conn->ssl_ctx, SSL_MODE_AUTO_RETRY); | SSL_CTX_set_mode(conn->ssl_ctx, SSL_MODE_AUTO_RETRY); | |||||||||
fetch_ssl_setup_transport_layer(conn->ssl_ctx, verbose); | fetch_ssl_setup_transport_layer(conn->ssl_ctx, verbose); | |||||||||
if (!fetch_ssl_setup_peer_verification(conn->ssl_ctx, verbose)) | if (!fetch_ssl_setup_peer_verification(conn->ssl_ctx, verbose)) | |||||||||
return (-1); | return (-1); | |||||||||
if (!fetch_ssl_setup_client_certificate(conn->ssl_ctx, verbose)) | if (!fetch_ssl_setup_client_certificate(conn->ssl_ctx, verbose)) | |||||||||
return (-1); | return (-1); | |||||||||
▲ Show 20 Lines • Show All 583 Lines • Show Last 20 Lines |
Does it make sense punting this no-op code forward instead of deleting it, given that supported versions of FreeBSD (12.x, 13.x) have OpenSSL 1.1.1?