upstream/openldap
1
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2025-12-20 22:59:34 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

ITS#8904 - Ensure SSLv3 is enabled when necessary

Browse source 
Either at compilation time, or as a system-wide configuration, OpenSSL
may have disabled SSLv3 protocol by default. This change ensures the
protocol NO flag is cleared when necessary, hence allowing for the
protocol to be used.
This commit is contained in:
Matus Honek 2021-02-25 17:05:17 +00:00 committed by Quanah Gibson-Mount
parent 00313d614e
commit 1cb4d2f0c9
1 changed files with 3 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
libraries/libldap/tls_o.c
View file

@ -317,8 +317,10 @@ tlso_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
#endif
if ( lo->ldo_tls_protocol_min > LDAP_OPT_X_TLS_PROTOCOL_SSL3 )
SSL_CTX_set_options( ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 );
else if ( lo->ldo_tls_protocol_min > LDAP_OPT_X_TLS_PROTOCOL_SSL2 )
else if ( lo->ldo_tls_protocol_min > LDAP_OPT_X_TLS_PROTOCOL_SSL2 ) {
SSL_CTX_set_options( ctx, SSL_OP_NO_SSLv2 );
SSL_CTX_clear_options( ctx, SSL_OP_NO_SSLv3 );
}
if ( lo->ldo_tls_ciphersuite &&
!SSL_CTX_set_cipher_list( ctx, lt->lt_ciphersuite ) )