artulab
projects / openbsd / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: cf1dc5e)
SSLv3_client_method() doesn't support TLSv1.*; use SSLv23_client_method()
authorguenther <guenther@openbsd.org>
Wed, 16 Apr 2014 17:52:31 +0000 (17:52 +0000)
committerguenther <guenther@openbsd.org>
Wed, 16 Apr 2014 17:52:31 +0000 (17:52 +0000)
the for anything where version negotiation would be useful.
Also, constipate a couple formatting strings to make compilers and
linkers happier.

ok tedu@

lib/libssl/src/apps/ocsp.c patch | blob | history
lib/libssl/src/apps/s_time.c patch | blob | history

diff --git a/lib/libssl/src/apps/ocsp.c b/lib/libssl/src/apps/ocsp.c
index 1713467..e5edc30 100644 (file)
--- a/lib/libssl/src/apps/ocsp.c
+++ b/lib/libssl/src/apps/ocsp.c
@@ -1257,7 +1257,7 @@ static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, char *port
 
 static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp)
        {
-       char http_resp[] = 
+       static const char http_resp[] = 
                "HTTP/1.0 200 OK\r\nContent-type: application/ocsp-response\r\n"
                "Content-Length: %d\r\n\r\n";
        if (!cbio)
@@ -1383,7 +1383,7 @@ OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req,
        if (use_ssl == 1)
                {
                BIO *sbio;
-               ctx = SSL_CTX_new(SSLv3_client_method());
+               ctx = SSL_CTX_new(SSLv23_client_method());
                if (ctx == NULL)
                        {
                        BIO_printf(err, "Error creating SSL context.\n");
diff --git a/lib/libssl/src/apps/s_time.c b/lib/libssl/src/apps/s_time.c
index 1ec2a97..5f02e5f 100644 (file)
--- a/lib/libssl/src/apps/s_time.c
+++ b/lib/libssl/src/apps/s_time.c
@@ -160,7 +160,7 @@ static void s_time_init(void)
  */
 static void s_time_usage(void)
 {
-       static char umsg[] = "\
+       static const char umsg[] = "\
 -time arg     - max number of seconds to collect data, default %d\n\
 -verify arg   - turn on peer certificate verification, arg == depth\n\
 -cert arg     - certificate file to use, PEM format assumed\n\
@@ -332,7 +332,7 @@ int MAIN(int argc, char **argv)
        if (bio_err == NULL)
                bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
 
-       s_time_meth=SSLv3_client_method();
+       s_time_meth=SSLv23_client_method();
 
        /* parse the command line arguments */
        if( parseArgs( argc, argv ) < 0 )
OpenBSD src
by Ahmet Artu Yildirim