[ViewVC] Diff of: svn/ircd-hybrid/trunk/src/ircd.c

Comparing ircd-hybrid/trunk/src/ircd.c (file contents):
Revision 4620 by michael, Sun Sep 7 13:03:42 2014 UTC vs.
Revision 4730 by michael, Sat Oct 11 19:16:48 2014 UTC

+ssl_init(void)
+#ifdef HAVE_LIBCRYPTO
-–
+  const unsigned char session_id[] = "ircd-hybrid";
-–
+  SSL_load_error_strings();
+  SSLeay_add_ssl_algorithms();
+    exit(EXIT_FAILURE);
-<
+  SSL_CTX_set_options(ConfigServerInfo.server_ctx, SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3);
->
+  SSL_CTX_set_options(ConfigServerInfo.server_ctx, SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TICKET);
+  SSL_CTX_set_options(ConfigServerInfo.server_ctx, SSL_OP_SINGLE_DH_USE|SSL_OP_CIPHER_SERVER_PREFERENCE);
+  SSL_CTX_set_verify(ConfigServerInfo.server_ctx, SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE,
+                     always_accept_verify_cb);
-<
+  SSL_CTX_set_session_id_context(ConfigServerInfo.server_ctx, session_id, sizeof(session_id) - 1);
->
+  SSL_CTX_set_session_cache_mode(ConfigServerInfo.server_ctx, SSL_SESS_CACHE_OFF);
+#if OPENSSL_VERSION_NUMBER >= 0x1000005FL && !defined(OPENSSL_NO_ECDH)
+    exit(EXIT_FAILURE);
-<
+  SSL_CTX_set_options(ConfigServerInfo.client_ctx, SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3);
->
+  SSL_CTX_set_options(ConfigServerInfo.client_ctx, SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TICKET);
+  SSL_CTX_set_options(ConfigServerInfo.client_ctx, SSL_OP_SINGLE_DH_USE);
+  SSL_CTX_set_verify(ConfigServerInfo.client_ctx, SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE,
+                     always_accept_verify_cb);
-+
+  SSL_CTX_set_session_cache_mode(ConfigServerInfo.client_ctx, SSL_SESS_CACHE_OFF);
+#endif /* HAVE_LIBCRYPTO */

-–
+Removed lines
-+
+Added lines
-<
+Changed lines (old)
->
+Changed lines (new)