Commit e824e48f authored by Marvin Scholz's avatar Marvin Scholz

Cleanup: Remove unnecessary SSL_CTX_get_options

According to the documentation the current option state is not cleared
but the options are added to the current options, so gettin the
current options seems redundant to the behavior of SSL_CTX_set_options:

> SSL_CTX_set_options() adds the options set via bitmask in options
> to ctx. Options already set before are not cleared!
parent 14ba90fc
......@@ -80,12 +80,16 @@ tls_ctx_t *tls_ctx_new(const char *cert_file, const char *key_file, const char *
ctx->refc = 1;
ctx->ctx = SSL_CTX_new(SSLv23_server_method());
ssl_opts = SSL_CTX_get_options(ctx->ctx);
ssl_opts |= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3; // Disable SSLv2 and SSLv3
ssl_opts = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3; // Disable SSLv2 and SSLv3
#ifdef SSL_OP_NO_COMPRESSION
ssl_opts |= SSL_OP_NO_COMPRESSION; // Never use compression
#endif
/* Even though this function is called set, it adds the
* flags to the already existing flags (possibly default
* flags already set by OpenSSL)!
* Calling SSL_CTX_get_options is not needed here, therefore.
*/
SSL_CTX_set_options(ctx->ctx, ssl_opts);
do {
if (SSL_CTX_use_certificate_chain_file(ctx->ctx, cert_file) <= 0) {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment