Revise ASecureSocket::OpenSSLProtocol and associated Client/Server methods #3

Open
408b7f8b opened this issue Nov 22, 2018 · 6 comments

Comments

@408b7f8b
Contributor

ASecureSocket::OpenSSLProtocol is used in ASecureSocket::SetUpCtxClient and ASecureSocket::SetUpCtxServer for defining the correct socket method.
As now all client and server methods besides "TLS_client_method()" and "TLS_server_method()" are deprecated, ASecureSocket::OpenSSLProtocol should be revised. Also, the current ASecureSocket::OpenSSLProtocol does not allow choosing TLS v1.2 or v1.1.

I'd propose to add "TLS" to ASecureSocket::OpenSSLProtocol and add

ASecureSocket::SetUpCtxClient

```cpp
case OpenSSLProtocol::TLS:
    Socket.m_pMTHDSSL = const_cast<SSL_METHOD*>(TLS_client_method());
    break;
```

ASecureSocket::SetUpCtxServer

```cpp
case OpenSSLProtocol::TLS:
    Socket.m_pMTHDSSL = const_cast<SSL_METHOD*>(TLS_server_method());
    break;
```

Thanks!

@embeddedmz
Owner

Hello,
That sounds good! You can make a pull request and I will merge it.
Thanks.

@408b7f8b
Contributor Author

See #4

@embeddedmz
Owner

embeddedmz commented Nov 23, 2018

Merged! Thanks!

Compiles and works fine under Ubuntu 18 but not under CentOS 7: the TLS_client_method() and TLS_server_method() are not available in the older versions of OpenSSL. I had to compile and install the latest version somewhere on my CentOS 7 machine and modify the CMakeLists.txt to make it compile.

Maybe we should use a macro or something to let the library compile with the older versions of OpenSSL (example: xrootd/xrootd#355).

@408b7f8b
Contributor Author

I'd put a single commented-out define via the CMakeLists.txt, like "add_compile_definitions(NO_FLEXIBLE_METHOD)", that may be activated. The new methods are available in all current OpenSSL versions (1.0.2 and 1.1.0), and as OpenSSL is the last library one shouldn't keep up to date ^^, I wouldn't put that much work into it.

@embeddedmz
Owner

Are you sure about the 1.0.2 version? Because in CentOS 7, the version that you can install via yum is "1.0.2k".

@408b7f8b
Contributor Author

Excuse me, I meant 1.0.2q and 1.1.0j.
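An added example, not part of this thread or the project's code: one way to write the compatibility macro discussed above, keyed on `OPENSSL_VERSION_NUMBER` instead of a manually set define. It relies on `TLS_*_method()` having been introduced in OpenSSL 1.1.0 as the new name for `SSLv23_*_method()`; the helper names (`DecodeVersion`, `HasFlexibleTlsMethod`, `VersionString`, `ClientMethodSymbol`) are hypothetical, and the version numbers in `main` are constructed samples for the releases named in the thread.

```cpp
#include <cstdio>
#include <string>

// Compile-time shim: takes effect only if <openssl/ssl.h> was included
// before this point. Before 1.1.0 the version-negotiating method is named
// SSLv23_*, and its protocol floor is set with SSL_OP_NO_* options rather
// than SSL_CTX_set_min_proto_version().
#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x10100000L
#define TLS_client_method SSLv23_client_method
#define TLS_server_method SSLv23_server_method
#endif

// OPENSSL_VERSION_NUMBER layout before OpenSSL 3.0: 0xMNNFFPPS
// (major, minor, fix, patch letter index, status nibble).
struct OpenSSLVersion { unsigned major, minor, fix, patch, status; };

constexpr OpenSSLVersion DecodeVersion(unsigned long v) {
    return { unsigned((v >> 28) & 0xF), unsigned((v >> 20) & 0xFF),
             unsigned((v >> 12) & 0xFF), unsigned((v >> 4) & 0xFF),
             unsigned(v & 0xF) };
}

// The same comparison the #if above performs, usable at run time
// (e.g. on the value returned by the linked library).
constexpr bool HasFlexibleTlsMethod(unsigned long v) {
    return v >= 0x10100000UL;
}

// Renders "1.0.2k"-style strings; patch indexes past 'z' are not rendered.
std::string VersionString(unsigned long v) {
    const OpenSSLVersion d = DecodeVersion(v);
    std::string s = std::to_string(d.major) + "." + std::to_string(d.minor) +
                    "." + std::to_string(d.fix);
    if (d.patch >= 1 && d.patch <= 26) s += char('a' + d.patch - 1);
    return s;
}

const char* ClientMethodSymbol(unsigned long v) {
    return HasFlexibleTlsMethod(v) ? "TLS_client_method" : "SSLv23_client_method";
}

int main() {
    // Constructed samples: 1.0.2k (CentOS 7 yum package) and 1.1.0j.
    const unsigned long samples[] = { 0x100020bfUL, 0x101000afUL };
    for (unsigned long v : samples)
        std::printf("%s -> %s\n", VersionString(v).c_str(), ClientMethodSymbol(v));
    return 0;
}
```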
