[glib-openssl] client: do not allow legacy server connections
- From: Ignacio Casal Quinteiro <icq src gnome org>
- To: commits-list gnome org
- Cc: 
- Subject: [glib-openssl] client: do not allow legacy server connections
- Date: Wed, 18 Oct 2017 15:43:57 +0000 (UTC)
commit 6ac32d239ee8193275e2c6a763527a29d6e3e2d6
Author: Ignacio Casal Quinteiro <qignacio amazon com>
Date:   Wed Oct 18 17:36:51 2017 +0200
    client: do not allow legacy server connections
 tls/openssl/gtlsclientconnection-openssl.c |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)
---
diff --git a/tls/openssl/gtlsclientconnection-openssl.c b/tls/openssl/gtlsclientconnection-openssl.c
index 4a1bb39..9a60400 100644
--- a/tls/openssl/gtlsclientconnection-openssl.c
+++ b/tls/openssl/gtlsclientconnection-openssl.c
@@ -445,6 +445,8 @@ g_tls_client_connection_openssl_initable_init (GInitable       *initable,
             SSL_OP_NO_TLSv1_1;
   SSL_CTX_set_options (priv->ssl_ctx, options);
 
+  SSL_CTX_clear_options (priv->ssl_ctx, SSL_OP_LEGACY_SERVER_CONNECT);
+
   hostname = get_server_identity (client);
 
 #if OPENSSL_VERSION_NUMBER >= 0x10200000L && !defined (LIBRESSL_VERSION_NUMBER)
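Review bot: The added `SSL_CTX_clear_options (priv->ssl_ctx, SSL_OP_LEGACY_SERVER_CONNECT);` has no comment explaining why a library default is overridden, and its effect is not obvious from the flag name. With the flag cleared, a handshake with a server that does not support RFC 5746 secure renegotiation fails instead of proceeding. I would add a comment above the call such as `/* Refuse servers lacking RFC 5746 secure renegotiation; OpenSSL sets SSL_OP_LEGACY_SERVER_CONNECT by default. */`. It would also help to confirm that the resulting handshake failure reaches the caller as a distinguishable GError, since applications connecting to old servers will now see connections rejected. That error path, like the start and end of g_tls_client_connection_openssl_initable_init, lies outside this hunk.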