
Commit f952caa

davidbenevanlucas
authored andcommitted
crypto: clear some SSL_METHOD deprecation warnings
Fixing the rest will be rather involved. I think the cleanest option is to deprecate the method string APIs which are weird to begin with. PR-URL: #16130 Reviewed-By: Ben Noordhuis <[email protected]> Reviewed-By: Rod Vagg <[email protected]>
1 parent a5e7255 commit f952caa


1 file changed

+6
-4
lines changed

1 file changed

+6
-4
lines changed

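--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@@ -185,6 +185,8 @@ static int DH_set0_key(DH* dh, BIGNUM* pub_key, BIGNUM* priv_key) {
 return 1;
 }
 
+static const SSL_METHOD* TLS_method() { return SSLv23_method(); }
+
 static void SSL_SESSION_get0_ticket(const SSL_SESSION* s,
 const unsigned char** tick, size_t* len) {
 *len = s->tlsext_ticklen;
@@ -548,12 +550,12 @@ void SecureContext::Init(const FunctionCallbackInfo<Value>& args) {
 ASSIGN_OR_RETURN_UNWRAP(&sc, args.Holder());
 Environment* env = sc->env();
 
-const SSL_METHOD* method = SSLv23_method();
+const SSL_METHOD* method = TLS_method();
 
 if (args.Length() == 1 && args[0]->IsString()) {
 const node::Utf8Value sslmethod(env->isolate(), args[0]);
 
-// Note that SSLv2 and SSLv3 are disallowed but SSLv2_method and friends
+// Note that SSLv2 and SSLv3 are disallowed but SSLv23_method and friends
 // are still accepted. They are OpenSSL's way of saying that all known
 // protocols are supported unless explicitly disabled (which we do below
 // for SSLv2 and SSLv3.)
@@ -601,7 +603,7 @@ void SecureContext::Init(const FunctionCallbackInfo<Value>& args) {
 sc->ctx_ = SSL_CTX_new(method);
 SSL_CTX_set_app_data(sc->ctx_, sc);
 
-// Disable SSLv2 in the case when method == SSLv23_method() and the
+// Disable SSLv2 in the case when method == TLS_method() and the
 // cipher list contains SSLv2 ciphers (not the default, should be rare.)
 // The bundled OpenSSL doesn't have SSLv2 support but the system OpenSSL may.
 // SSLv3 is disabled because it's susceptible to downgrade attacks (POODLE.)
@@ -5817,7 +5819,7 @@ void RandomBytesBuffer(const FunctionCallbackInfo<Value>& args) {
 void GetSSLCiphers(const FunctionCallbackInfo<Value>& args) {
 Environment* env = Environment::GetCurrent(args);
 
-SSL_CTX* ctx = SSL_CTX_new(TLSv1_server_method());
+SSL_CTX* ctx = SSL_CTX_new(TLS_method());
 CHECK_NE(ctx, nullptr);
 
 SSL* ssl = SSL_new(ctx);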
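Review bot: The `TLS_method()` shim added in the first hunk has no comment saying that, on what is presumably a pre-1.1.0 compat path, it is just `SSLv23_method()` and so still negotiates every protocol the linked OpenSSL supports unless the caller turns the old ones off. I would add above it `// Compat shim: identical to SSLv23_method(); callers must still set SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3.` so the TLS-only sounding name is not read as a guarantee. This matters for the last hunk: `GetSSLCiphers` now builds its context from `TLS_method()` instead of `TLSv1_server_method()` and, in the lines visible here, sets no such options, so against a system OpenSSL with SSLv2 support the reported list may include ciphers that `SecureContext::Init` would never allow, which is worth confirming. The preprocessor guard around the shim and the rest of both functions are outside the hunks shown.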
