Use TLS_method() instead of TLS_client_method() throughout.

OpenSSL returns an error for SSL_accept() if TLS_client_method()
was used to generate the context (LibreSSL doesn't care).

Prior to sudo 1.9.7, TLS_client_method() and TLS_server_method()
were used in the TLS client and server initialization code respectively.
This was refactored in sudo 1.9.7 to allow the code to be shared.
Bug #988
Todd C. Miller
2021-07-26 13:40:25 -06:00
parent 532e00aa2b
commit 36fbb13c4c
7 changed files with 11 additions and 23 deletions

@@ -191,7 +191,7 @@ init_tls_context(const char *ca_bundle_file, const char *cert_file,
}
/* Create the ssl context and enforce TLS 1.2 or higher. */
if ((ctx = SSL_CTX_new(TLS_client_method())) == NULL) {
if ((ctx = SSL_CTX_new(TLS_method())) == NULL) {
errstr = ERR_reason_error_string(ERR_get_error());
sudo_warnx(U_("unable to create TLS context: %s"), errstr);
goto bad;
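
Review bot: the comment above the SSL_CTX_new() call in init_tls_context() still reads only "Create the ssl context and enforce TLS 1.2 or higher" and does not record why the generic TLS_method() is used here. Given the commit message's point that OpenSSL fails SSL_accept() on a context built with TLS_client_method(), I would extend the comment to say this context is shared by the client and server code, so a later cleanup does not switch it back to a role-specific method. The TLS 1.2 enforcement the comment promises is also not visible in these lines; please confirm the minimum-version setting (for example SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION)) sits on this shared path so it applies to contexts used for SSL_accept() as well.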