Fossil

Check-in [ea1d369d]

Overview
Comment: Disable SSLv2 in HTTPS client. This version of the protocol is considered insecure and has been deprecated; all modern browsers disable it.
SHA1: ea1d369d23c68f79fd65be999d6a57632404704c
User & Date: dmitry 2011-09-24 01:39:02.713
Context
2011-09-25
11:14
Fix double LI tags when listing wiki attachments for users without permissions. ... (check-in: 12272b7f user: dmitry tags: trunk)
2011-09-24
01:39
Disable SSLv2 in HTTPS client. This version of the protocol is considered insecure and has been deprecated; all modern browsers disable it. ... (check-in: ea1d369d user: dmitry tags: trunk)
2011-09-19
20:16
Remove obsolete files ... (check-in: 1f498a6e user: drh tags: trunk)
Changes
Changes to src/http_ssl.c.
  
  if( sslIsInit==0 ){
    SSL_library_init();
    SSL_load_error_strings();
    ERR_load_BIO_strings();
    OpenSSL_add_all_algorithms();    
    sslCtx = SSL_CTX_new(SSLv23_client_method());


    
    /* Set up acceptable CA root certificates */
    zCaSetting = db_get("ssl-ca-location", 0);
    if( zCaSetting==0 || zCaSetting[0]=='\0' ){
      /* CA location not specified, use platform's default certificate store */
      X509_STORE_set_default_paths(SSL_CTX_get_cert_store(sslCtx));
    }else{







  
  if( sslIsInit==0 ){
    SSL_library_init();
    SSL_load_error_strings();
    ERR_load_BIO_strings();
    OpenSSL_add_all_algorithms();    
    sslCtx = SSL_CTX_new(SSLv23_client_method());
    /* Disable SSLv2 */
    SSL_CTX_set_options(sslCtx, SSL_OP_NO_SSLv2);
    
    /* Set up acceptable CA root certificates */
    zCaSetting = db_get("ssl-ca-location", 0);
    if( zCaSetting==0 || zCaSetting[0]=='\0' ){
      /* CA location not specified, use platform's default certificate store */
      X509_STORE_set_default_paths(SSL_CTX_get_cert_store(sslCtx));
    }else{
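Review bot: the added SSL_CTX_set_options(sslCtx, SSL_OP_NO_SSLv2) call uses sslCtx straight after SSL_CTX_new() with no NULL check in between, and SSL_CTX_new() returns NULL on failure. The same pointer is used again a few lines later in SSL_CTX_get_cert_store(sslCtx), so one check placed right after the allocation would cover both uses. The new comment /* Disable SSLv2 */ only repeats the call; the reason given in the commit message (the protocol is deprecated and considered insecure) would be more useful there. Note also that SSLv23_client_method() still leaves SSLv3 negotiable after this change; SSL_OP_NO_SSLv3 is the matching option if the client is meant to be restricted to TLS.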