From ce780492ba9e471deee337d10e55e6b737cabafa Mon Sep 17 00:00:00 2001
From: Peter Powell
Date: Thu, 30 Nov 2017 14:17:13 +0000
Subject: Bump the minimum versions of GnuTLS to 2.0.0 and OpenSSL to 1.0.0. Old TLS libraries should not be used anymore due to security risks.
---
 src/modules/extra/m_ssl_gnutls.cpp | 5 -----
 src/modules/extra/m_ssl_openssl.cpp | 9 ++-------
 2 files changed, 2 insertions(+), 12 deletions(-)
diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp
index 97fdf504c..56b60de26 100644
--- a/src/modules/extra/m_ssl_gnutls.cpp
+++ b/src/modules/extra/m_ssl_gnutls.cpp
@@ -79,11 +79,6 @@
 #define GNUTLS_NEW_PRIO_API
 #endif
 
-#if (!INSPIRCD_GNUTLS_HAS_VERSION(2, 0, 0))
-typedef gnutls_certificate_credentials_t gnutls_certificate_credentials;
-typedef gnutls_dh_params_t gnutls_dh_params;
-#endif
-
 enum issl_status { ISSL_NONE, ISSL_HANDSHAKING, ISSL_HANDSHAKEN };
 
 #if INSPIRCD_GNUTLS_HAS_VERSION(2, 12, 0)
diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp
index 1aab0d086..d203ad2f3 100644
--- a/src/modules/extra/m_ssl_openssl.cpp
+++ b/src/modules/extra/m_ssl_openssl.cpp
@@ -54,11 +54,6 @@
 # pragma comment(lib, "libeay32.lib")
 #endif
 
-#if ((OPENSSL_VERSION_NUMBER >= 0x10000000L) && (!(defined(OPENSSL_NO_ECDH))))
-// OpenSSL 0.9.8 includes some ECC support, but it's unfinished. Enable only for 1.0.0 and later.
-#define INSPIRCD_OPENSSL_ENABLE_ECDH
-#endif
-
 // BIO is opaque in OpenSSL 1.1 but the access API does not exist in 1.0 and older.
 #if ((defined LIBRESSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x10100000L))
 # define BIO_get_data(BIO) BIO->ptr
@@ -162,7 +157,7 @@ namespace OpenSSL
 return (SSL_CTX_set_tmp_dh(ctx, dh.get()) >= 0);
 }
 
-#ifdef INSPIRCD_OPENSSL_ENABLE_ECDH
+#ifndef OPENSSL_NO_ECDH
 void SetECDH(const std::string& curvename)
 {
 int nid = OBJ_sn2nid(curvename.c_str());
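Review bot: Nothing in the visible hunks enforces the new OpenSSL 1.0.0 minimum. The `#ifndef OPENSSL_NO_ECDH` guard around `SetECDH` (and the identical guard in the hunk at -330) now compiles the ECDH path on any OpenSSL that has not disabled ECDH, including the 0.9.8 series whose ECC support the removed comment called unfinished. Unless the build system already rejects older libraries (not visible here), I would add an explicit guard after the OpenSSL includes: `#if OPENSSL_VERSION_NUMBER < 0x10000000L` / `# error OpenSSL 1.0.0 or newer is required to build this module` / `#endif`. That makes an outdated library fail the build with a clear message instead of silently producing a module with a weaker key-exchange implementation. The body of `SetECDH` continues outside the hunk.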
@@ -330,7 +325,7 @@ namespace OpenSSL
 }
 }
 
-#ifdef INSPIRCD_OPENSSL_ENABLE_ECDH
+#ifndef OPENSSL_NO_ECDH
 std::string curvename = tag->getString("ecdhcurve", "prime256v1");
 if (!curvename.empty())
 ctx.SetECDH(curvename);
-- 
cgit v1.2.3