Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit f952caa

Browse filesBrowse files
davidbenevanlucas
davidben
authored and
evanlucas
committed
crypto: clear some SSL_METHOD deprecation warnings
Fixing the rest will be rather involved. I think the cleanest option is to deprecate the method string APIs which are weird to begin with. PR-URL: #16130 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Rod Vagg <rod@vagg.org>
1 parent a5e7255 commit f952caa
Copy full SHA for f952caa

File tree

Expand file treeCollapse file tree

1 file changed

+6
-4
lines changed
Open diff view settings
Filter options
Expand file treeCollapse file tree

1 file changed

+6
-4
lines changed
Open diff view settings
Collapse file

‎src/node_crypto.cc‎

Copy file name to clipboardExpand all lines: src/node_crypto.cc
+6-4Lines changed: 6 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -185,6 +185,8 @@ static int DH_set0_key(DH* dh, BIGNUM* pub_key, BIGNUM* priv_key) {
185185
return 1;
186186
}
187187

188+
static const SSL_METHOD* TLS_method() { return SSLv23_method(); }
189+
188190
static void SSL_SESSION_get0_ticket(const SSL_SESSION* s,
189191
const unsigned char** tick, size_t* len) {
190192
*len = s->tlsext_ticklen;
@@ -548,12 +550,12 @@ void SecureContext::Init(const FunctionCallbackInfo<Value>& args) {
548550
ASSIGN_OR_RETURN_UNWRAP(&sc, args.Holder());
549551
Environment* env = sc->env();
550552

551-
const SSL_METHOD* method = SSLv23_method();
553+
const SSL_METHOD* method = TLS_method();
552554

553555
if (args.Length() == 1 && args[0]->IsString()) {
554556
const node::Utf8Value sslmethod(env->isolate(), args[0]);
555557

556-
// Note that SSLv2 and SSLv3 are disallowed but SSLv2_method and friends
558+
// Note that SSLv2 and SSLv3 are disallowed but SSLv23_method and friends
557559
// are still accepted. They are OpenSSL's way of saying that all known
558560
// protocols are supported unless explicitly disabled (which we do below
559561
// for SSLv2 and SSLv3.)
@@ -601,7 +603,7 @@ void SecureContext::Init(const FunctionCallbackInfo<Value>& args) {
601603
sc->ctx_ = SSL_CTX_new(method);
602604
SSL_CTX_set_app_data(sc->ctx_, sc);
603605

604-
// Disable SSLv2 in the case when method == SSLv23_method() and the
606+
// Disable SSLv2 in the case when method == TLS_method() and the
605607
// cipher list contains SSLv2 ciphers (not the default, should be rare.)
606608
// The bundled OpenSSL doesn't have SSLv2 support but the system OpenSSL may.
607609
// SSLv3 is disabled because it's susceptible to downgrade attacks (POODLE.)
@@ -5817,7 +5819,7 @@ void RandomBytesBuffer(const FunctionCallbackInfo<Value>& args) {
58175819
void GetSSLCiphers(const FunctionCallbackInfo<Value>& args) {
58185820
Environment* env = Environment::GetCurrent(args);
58195821

5820-
SSL_CTX* ctx = SSL_CTX_new(TLSv1_server_method());
5822+
SSL_CTX* ctx = SSL_CTX_new(TLS_method());
58215823
CHECK_NE(ctx, nullptr);
58225824

58235825
SSL* ssl = SSL_new(ctx);

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.