--- src/ssl_support.c.orig 2010-03-15 04:20:45.000000000 +1100
+++ src/ssl_support.c 2019-09-10 13:35:14.000000000 +1000
@@ -110,7 +110,7 @@ static int
ssl_verify_cb(int ok, X509_STORE_CTX * ctx)
{
char buffer[256];
- X509 *peer_cert = ctx->cert;
+ X509 *peer_cert = X509_STORE_CTX_get0_cert(ctx);
X509_NAME_oneline(X509_get_subject_name(peer_cert), buffer,
sizeof(buffer));
@@ -118,7 +118,7 @@ ssl_verify_cb(int ok, X509_STORE_CTX * c
if (ok) {
debug(83, 5) ("SSL Certificate signature OK: %s\n", buffer);
} else {
- switch (ctx->error) {
+ switch (X509_STORE_CTX_get_error(ctx)) {
case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
debug(83, 5) ("SSL Certficate error: CA not known: %s\n", buffer);
break;
@@ -136,7 +136,7 @@ ssl_verify_cb(int ok, X509_STORE_CTX * c
break;
default:
debug(83, 1) ("SSL unknown certificate error %d in %s\n",
- ctx->error, buffer);
+ X509_STORE_CTX_get_error(ctx), buffer);
break;
}
}
@@ -446,19 +446,13 @@ sslCreateServerContext(const char *certf
ERR_clear_error();
debug(83, 1) ("Initialising SSL.\n");
switch (version) {
- case 2:
- debug(83, 5) ("Using SSLv2.\n");
- method = SSLv2_server_method();
- break;
- case 3:
- debug(83, 5) ("Using SSLv3.\n");
- method = SSLv3_server_method();
- break;
case 4:
debug(83, 5) ("Using TLSv1.\n");
method = TLSv1_server_method();
break;
case 1:
+ case 2:
+ case 3:
default:
debug(83, 5) ("Using SSLv2/SSLv3.\n");
method = SSLv23_server_method();
@@ -609,19 +603,13 @@ sslCreateClientContext(const char *certf
ERR_clear_error();
debug(83, 1) ("Initialising SSL.\n");
switch (version) {
- case 2:
- debug(83, 5) ("Using SSLv2.\n");
- method = SSLv2_client_method();
- break;
- case 3:
- debug(83, 5) ("Using SSLv3.\n");
- method = SSLv3_client_method();
- break;
case 4:
debug(83, 5) ("Using TLSv1.\n");
method = TLSv1_client_method();
break;
case 1:
+ case 2:
+ case 3:
default:
debug(83, 5) ("Using SSLv2/SSLv3.\n");
method = SSLv23_client_method();