SSLv3_client_method() doesn't support TLSv1.*; use SSLv23_client_method()

the for anything where version negotiation would be useful. Also, constipate a couple formatting strings to make compilers and linkers happier. ok tedu@
author: guenther <> 2014-04-16 17:52:31 +0000
committer: guenther <> 2014-04-16 17:52:31 +0000
commit: 80df2005d14af067c12bee6b5c4c382edaa97edb (patch)
tree: a2d31c80471b3e7fe06f28545c239ee473c6ab3f /src
parent: cfac0f1df33b9dbd3cb6935b4fcc54f2ef14b7d5 (diff)
download: openbsd-80df2005d14af067c12bee6b5c4c382edaa97edb.tar.gz
openbsd-80df2005d14af067c12bee6b5c4c382edaa97edb.tar.bz2
openbsd-80df2005d14af067c12bee6b5c4c382edaa97edb.zip
2 files changed, 4 insertions, 4 deletions
diff --git a/src/lib/libssl/src/apps/ocsp.c b/src/lib/libssl/src/apps/ocsp.c
index 1713467c08..e5edc3017d 100644
--- a/src/lib/libssl/src/apps/ocsp.c
+++ b/src/lib/libssl/src/apps/ocsp.c
@@ -1257,7 +1257,7 @@ static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, char *port
 static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp)
        {
-        char http_resp[] = 
+        static const char http_resp[] = 
                "HTTP/1.0 200 OK\r\nContent-type: application/ocsp-response\r\n"
                "Content-Length: %d\r\n\r\n";
        if (!cbio)
@@ -1383,7 +1383,7 @@ OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req,
        if (use_ssl == 1)
                {
                BIO *sbio;
-                ctx = SSL_CTX_new(SSLv3_client_method());
+                ctx = SSL_CTX_new(SSLv23_client_method());
                if (ctx == NULL)
                        {
                        BIO_printf(err, "Error creating SSL context.\n");
diff --git a/src/lib/libssl/src/apps/s_time.c b/src/lib/libssl/src/apps/s_time.c
index 1ec2a975c6..5f02e5fd03 100644
--- a/src/lib/libssl/src/apps/s_time.c
+++ b/src/lib/libssl/src/apps/s_time.c
@@ -160,7 +160,7 @@ static void s_time_init(void)
 */
 static void s_time_usage(void)
 {
-        static char umsg[] = "\
+        static const char umsg[] = "\
 -time arg     - max number of seconds to collect data, default %d\n\
 -verify arg   - turn on peer certificate verification, arg == depth\n\
 -cert arg     - certificate file to use, PEM format assumed\n\
@@ -332,7 +332,7 @@ int MAIN(int argc, char **argv)
        if (bio_err == NULL)
                bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
-        s_time_meth=SSLv3_client_method();
+        s_time_meth=SSLv23_client_method();
        /* parse the command line arguments */
        if( parseArgs( argc, argv ) < 0 )
author	guenther <>	2014-04-16 17:52:31 +0000
committer	guenther <>	2014-04-16 17:52:31 +0000
commit	80df2005d14af067c12bee6b5c4c382edaa97edb (patch)
tree	a2d31c80471b3e7fe06f28545c239ee473c6ab3f /src
parent	cfac0f1df33b9dbd3cb6935b4fcc54f2ef14b7d5 (diff)
download	openbsd-80df2005d14af067c12bee6b5c4c382edaa97edb.tar.gz openbsd-80df2005d14af067c12bee6b5c4c382edaa97edb.tar.bz2 openbsd-80df2005d14af067c12bee6b5c4c382edaa97edb.zip

diff --git a/src/lib/libssl/src/apps/ocsp.c b/src/lib/libssl/src/apps/ocsp.c index 1713467c08..e5edc3017d 100644 --- a/src/lib/libssl/src/apps/ocsp.c +++ b/src/lib/libssl/src/apps/ocsp.c
@@ -1257,7 +1257,7 @@ static int do_responder(OCSP_REQUEST preq, BIO pcbio, BIO acbio, char port
1257		1257
1258	static int send_ocsp_response(BIO cbio, OCSP_RESPONSE resp)	1258	static int send_ocsp_response(BIO cbio, OCSP_RESPONSE resp)
1259	{	1259	{
1260	char http_resp[] =	1260	static const char http_resp[] =
1261	"HTTP/1.0 200 OK\r\nContent-type: application/ocsp-response\r\n"	1261	"HTTP/1.0 200 OK\r\nContent-type: application/ocsp-response\r\n"
1262	"Content-Length: %d\r\n\r\n";	1262	"Content-Length: %d\r\n\r\n";
1263	if (!cbio)	1263	if (!cbio)
@@ -1383,7 +1383,7 @@ OCSP_RESPONSE process_responder(BIO err, OCSP_REQUEST *req,
1383	if (use_ssl == 1)	1383	if (use_ssl == 1)
1384	{	1384	{
1385	BIO *sbio;	1385	BIO *sbio;
1386	ctx = SSL_CTX_new(SSLv3_client_method());	1386	ctx = SSL_CTX_new(SSLv23_client_method());
1387	if (ctx == NULL)	1387	if (ctx == NULL)
1388	{	1388	{
1389	BIO_printf(err, "Error creating SSL context.\n");	1389	BIO_printf(err, "Error creating SSL context.\n");


diff --git a/src/lib/libssl/src/apps/s_time.c b/src/lib/libssl/src/apps/s_time.c index 1ec2a975c6..5f02e5fd03 100644 --- a/src/lib/libssl/src/apps/s_time.c +++ b/src/lib/libssl/src/apps/s_time.c
@@ -160,7 +160,7 @@ static void s_time_init(void)
160	*/	160	*/
161	static void s_time_usage(void)	161	static void s_time_usage(void)
162	{	162	{
163	static char umsg[] = "\	163	static const char umsg[] = "\
164	-time arg - max number of seconds to collect data, default %d\n\	164	-time arg - max number of seconds to collect data, default %d\n\
165	-verify arg - turn on peer certificate verification, arg == depth\n\	165	-verify arg - turn on peer certificate verification, arg == depth\n\
166	-cert arg - certificate file to use, PEM format assumed\n\	166	-cert arg - certificate file to use, PEM format assumed\n\
@@ -332,7 +332,7 @@ int MAIN(int argc, char **argv)
332	if (bio_err == NULL)	332	if (bio_err == NULL)
333	bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);	333	bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
334		334
335	s_time_meth=SSLv3_client_method();	335	s_time_meth=SSLv23_client_method();
336		336
337	/* parse the command line arguments */	337	/* parse the command line arguments */
338	if( parseArgs( argc, argv ) < 0 )	338	if( parseArgs( argc, argv ) < 0 )