Skip to content

Commit 27deb44

Browse files
yhiroseyhirose
committed
Update SSL related code
1 parent 24a3ef9 commit 27deb44

File tree

1 file changed

+13
-25
lines changed

1 file changed

+13
-25
lines changed

httplib.h

Lines changed: 13 additions & 25 deletions
Original file line numberDiff line numberDiff line change
@@ -7127,64 +7127,50 @@ static SSLInit sslinit_;
71277127
inline SSLServer::SSLServer(const char *cert_path, const char *private_key_path,
71287128
const char *client_ca_cert_file_path,
71297129
const char *client_ca_cert_dir_path) {
7130-
ctx_ = SSL_CTX_new(TLS_method());
7130+
ctx_ = SSL_CTX_new(TLS_server_method());
71317131

71327132
if (ctx_) {
71337133
SSL_CTX_set_options(ctx_,
7134-
SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 |
7135-
SSL_OP_NO_COMPRESSION |
7134+
SSL_OP_NO_COMPRESSION |
71367135
SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
71377136

7138-
// auto ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
7139-
// SSL_CTX_set_tmp_ecdh(ctx_, ecdh);
7140-
// EC_KEY_free(ecdh);
7137+
SSL_CTX_set_min_proto_version(ctx_, TLS1_1_VERSION);
71417138

71427139
if (SSL_CTX_use_certificate_chain_file(ctx_, cert_path) != 1 ||
71437140
SSL_CTX_use_PrivateKey_file(ctx_, private_key_path, SSL_FILETYPE_PEM) !=
71447141
1) {
71457142
SSL_CTX_free(ctx_);
71467143
ctx_ = nullptr;
71477144
} else if (client_ca_cert_file_path || client_ca_cert_dir_path) {
7148-
// if (client_ca_cert_file_path) {
7149-
// auto list = SSL_load_client_CA_file(client_ca_cert_file_path);
7150-
// SSL_CTX_set_client_CA_list(ctx_, list);
7151-
// }
7152-
71537145
SSL_CTX_load_verify_locations(ctx_, client_ca_cert_file_path,
71547146
client_ca_cert_dir_path);
71557147

71567148
SSL_CTX_set_verify(
7157-
ctx_,
7158-
SSL_VERIFY_PEER |
7159-
SSL_VERIFY_FAIL_IF_NO_PEER_CERT, // SSL_VERIFY_CLIENT_ONCE,
7160-
nullptr);
7149+
ctx_, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, nullptr);
71617150
}
71627151
}
71637152
}
71647153

71657154
inline SSLServer::SSLServer(X509 *cert, EVP_PKEY *private_key,
71667155
X509_STORE *client_ca_cert_store) {
7167-
ctx_ = SSL_CTX_new(SSLv23_server_method());
7156+
ctx_ = SSL_CTX_new(TLS_server_method());
71687157

71697158
if (ctx_) {
71707159
SSL_CTX_set_options(ctx_,
7171-
SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 |
7172-
SSL_OP_NO_COMPRESSION |
7160+
SSL_OP_NO_COMPRESSION |
71737161
SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
71747162

7163+
SSL_CTX_set_min_proto_version(ctx_, TLS1_1_VERSION);
7164+
71757165
if (SSL_CTX_use_certificate(ctx_, cert) != 1 ||
71767166
SSL_CTX_use_PrivateKey(ctx_, private_key) != 1) {
71777167
SSL_CTX_free(ctx_);
71787168
ctx_ = nullptr;
71797169
} else if (client_ca_cert_store) {
7180-
71817170
SSL_CTX_set_cert_store(ctx_, client_ca_cert_store);
71827171

71837172
SSL_CTX_set_verify(
7184-
ctx_,
7185-
SSL_VERIFY_PEER |
7186-
SSL_VERIFY_FAIL_IF_NO_PEER_CERT, // SSL_VERIFY_CLIENT_ONCE,
7187-
nullptr);
7173+
ctx_, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, nullptr);
71887174
}
71897175
}
71907176
}
@@ -7249,12 +7235,13 @@ inline SSLClient::SSLClient(const std::string &host, int port,
72497235
const std::string &client_cert_path,
72507236
const std::string &client_key_path)
72517237
: ClientImpl(host, port, client_cert_path, client_key_path) {
7252-
ctx_ = SSL_CTX_new(SSLv23_client_method());
7238+
ctx_ = SSL_CTX_new(TLS_client_method());
72537239

72547240
detail::split(&host_[0], &host_[host_.size()], '.',
72557241
[&](const char *b, const char *e) {
72567242
host_components_.emplace_back(std::string(b, e));
72577243
});
7244+
72587245
if (!client_cert_path.empty() && !client_key_path.empty()) {
72597246
if (SSL_CTX_use_certificate_file(ctx_, client_cert_path.c_str(),
72607247
SSL_FILETYPE_PEM) != 1 ||
@@ -7269,12 +7256,13 @@ inline SSLClient::SSLClient(const std::string &host, int port,
72697256
inline SSLClient::SSLClient(const std::string &host, int port,
72707257
X509 *client_cert, EVP_PKEY *client_key)
72717258
: ClientImpl(host, port) {
7272-
ctx_ = SSL_CTX_new(SSLv23_client_method());
7259+
ctx_ = SSL_CTX_new(TLS_client_method());
72737260

72747261
detail::split(&host_[0], &host_[host_.size()], '.',
72757262
[&](const char *b, const char *e) {
72767263
host_components_.emplace_back(std::string(b, e));
72777264
});
7265+
72787266
if (client_cert != nullptr && client_key != nullptr) {
72797267
if (SSL_CTX_use_certificate(ctx_, client_cert) != 1 ||
72807268
SSL_CTX_use_PrivateKey(ctx_, client_key) != 1) {

0 commit comments

Comments
 (0)