Skip to content

Commit 694efa8

Browse files
davidbenrvagg
davidben
authored and
rvagg
committed
crypto: clear some SSL_METHOD deprecation warnings
Fixing the rest will be rather involved. I think the cleanest option is to deprecate the method string APIs which are weird to begin with. PR-URL: #16130 Reviewed-By: Ben Noordhuis <[email protected]> Reviewed-By: Rod Vagg <[email protected]>
1 parent 63c2789 commit 694efa8

File tree

1 file changed

+6
-4
lines changed

1 file changed

+6
-4
lines changed

Diff for: src/node_crypto.cc

+6-4
Original file line numberDiff line numberDiff line change
@@ -178,6 +178,8 @@ static int DH_set0_key(DH* dh, BIGNUM* pub_key, BIGNUM* priv_key) {
178178
return 1;
179179
}
180180

181+
static const SSL_METHOD* TLS_method() { return SSLv23_method(); }
182+
181183
static void SSL_SESSION_get0_ticket(const SSL_SESSION* s,
182184
const unsigned char** tick, size_t* len) {
183185
*len = s->tlsext_ticklen;
@@ -541,12 +543,12 @@ void SecureContext::Init(const FunctionCallbackInfo<Value>& args) {
541543
ASSIGN_OR_RETURN_UNWRAP(&sc, args.Holder());
542544
Environment* env = sc->env();
543545

544-
const SSL_METHOD* method = SSLv23_method();
546+
const SSL_METHOD* method = TLS_method();
545547

546548
if (args.Length() == 1 && args[0]->IsString()) {
547549
const node::Utf8Value sslmethod(env->isolate(), args[0]);
548550

549-
// Note that SSLv2 and SSLv3 are disallowed but SSLv2_method and friends
551+
// Note that SSLv2 and SSLv3 are disallowed but SSLv23_method and friends
550552
// are still accepted. They are OpenSSL's way of saying that all known
551553
// protocols are supported unless explicitly disabled (which we do below
552554
// for SSLv2 and SSLv3.)
@@ -594,7 +596,7 @@ void SecureContext::Init(const FunctionCallbackInfo<Value>& args) {
594596
sc->ctx_ = SSL_CTX_new(method);
595597
SSL_CTX_set_app_data(sc->ctx_, sc);
596598

597-
// Disable SSLv2 in the case when method == SSLv23_method() and the
599+
// Disable SSLv2 in the case when method == TLS_method() and the
598600
// cipher list contains SSLv2 ciphers (not the default, should be rare.)
599601
// The bundled OpenSSL doesn't have SSLv2 support but the system OpenSSL may.
600602
// SSLv3 is disabled because it's susceptible to downgrade attacks (POODLE.)
@@ -5786,7 +5788,7 @@ void RandomBytesBuffer(const FunctionCallbackInfo<Value>& args) {
57865788
void GetSSLCiphers(const FunctionCallbackInfo<Value>& args) {
57875789
Environment* env = Environment::GetCurrent(args);
57885790

5789-
SSL_CTX* ctx = SSL_CTX_new(TLSv1_server_method());
5791+
SSL_CTX* ctx = SSL_CTX_new(TLS_method());
57905792
CHECK_NE(ctx, nullptr);
57915793

57925794
SSL* ssl = SSL_new(ctx);

0 commit comments

Comments
 (0)