Revise ASecureSocket::OpenSSLProtocol and associated Client/Server methods #3
Hello,
See #4
Merged! Thanks! Compiles and works fine under Ubuntu 18 but not under CentOS 7: the TLS_client_method() and TLS_server_method() are not available in the older versions of OpenSSL. I had to compile and install the latest version somewhere on my CentOS 7 machine and modify the CMakeLists.txt to make it compile. Maybe we should use a macro or something to let the library compile with the older versions of OpenSSL (example: xrootd/xrootd#355)
I'd put a single commented-out define via the CMakeLists.txt, like "add_compile_definitions(NO_FLEXIBLE_METHOD)", that may be activated. The new methods are available in all current OpenSSL versions (1.0.2 and 1.1.0), and as OpenSSL is the last library one shouldn't keep up to date ^^, I wouldn't put that much work into it.
Are you sure about the 1.0.2 version? Because in CentOS 7, the version that you can install via yum is "1.0.2k".
Excuse me, I meant 1.0.2q and 1.1.0j.
ASecureSocket::OpenSSLProtocol is used in ASecureSocket::SetUpCtxClient and ASecureSocket::SetUpCtxServer for defining the correct socket method.
As now all client and server methods besides "TLS_client_method()" and "TLS_server_method()" are deprecated, ASecureSocket::OpenSSLProtocol should be revised. Also, the current ASecureSocket::OpenSSLProtocol does not allow choosing TLS v1.2 or v1.1.
I'd propose to add "TLS" to ASecureSocket::OpenSSLProtocol and add

ASecureSocket::SetUpCtxClient

```cpp
case OpenSSLProtocol::TLS:
    Socket.m_pMTHDSSL = const_cast<SSL_METHOD*>(TLS_client_method());
    break;
```

ASecureSocket::SetUpCtxServer

```cpp
case OpenSSLProtocol::TLS:
    Socket.m_pMTHDSSL = const_cast<SSL_METHOD*>(TLS_server_method());
    break;
```

Thanks!
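
An added example, not code from this project or from anyone in the thread: the kind of version-gated macro the thread suggests, plus a decoder for the pre-3.0 `OPENSSL_VERSION_NUMBER` layout (`0xMNNFFPPS`) applied to the releases named above. It assumes OpenSSL's documented behaviour that `TLS_client_method()` and `TLS_server_method()` first appear in 1.1.0; the helper names `DecodeVersion`, `VersionString`, `HasFlexibleTlsMethod` and `ClientMethodFor` are hypothetical.

```cpp
#include <iostream>
#include <string>

// Compatibility shim. Inert unless <openssl/ssl.h> was included before this
// point; on libraries older than 1.1.0 it aliases the new names onto the
// older version-flexible methods.
#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x10100000L
#  define TLS_client_method SSLv23_client_method
#  define TLS_server_method SSLv23_server_method
// SSLv23_*_method negotiates any enabled protocol version, so pair it with
// SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3).
#endif

// Fields of the pre-3.0 version number: major, minor, fix, patch letter, status.
struct OpenSSLVersion { unsigned major, minor, fix, patch, status; };

OpenSSLVersion DecodeVersion(unsigned long v) {
    return { unsigned((v >> 28) & 0xF), unsigned((v >> 20) & 0xFF),
             unsigned((v >> 12) & 0xFF), unsigned((v >> 4) & 0xFF),
             unsigned(v & 0xF) };
}

// Human-readable form, e.g. "1.0.2k" (patch 1 = 'a', 2 = 'b', ...).
std::string VersionString(unsigned long v) {
    const OpenSSLVersion d = DecodeVersion(v);
    std::string s = std::to_string(d.major) + "." + std::to_string(d.minor) +
                    "." + std::to_string(d.fix);
    if (d.patch >= 1 && d.patch <= 26) s += char('a' + d.patch - 1);
    return s;
}

// Same threshold the preprocessor shim tests.
bool HasFlexibleTlsMethod(unsigned long v) { return v >= 0x10100000UL; }

std::string ClientMethodFor(unsigned long v) {
    return HasFlexibleTlsMethod(v) ? "TLS_client_method" : "SSLv23_client_method";
}

int main() {
    // Constructed sample values: encodings of 1.0.2k, 1.0.2q and 1.1.0j.
    const unsigned long samples[] = { 0x100020bfUL, 0x1000211fUL, 0x101000afUL };
    for (unsigned long v : samples)
        std::cout << VersionString(v) << " -> " << ClientMethodFor(v) << "\n";
    return 0;
}
```
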