summaryrefslogtreecommitdiff
path: root/src/network.c
diff options
context:
space:
mode:
authorGlenn Strauss <gstrauss@gluelogic.com>2016-12-23 07:36:30 -0500
committerGlenn Strauss <gstrauss@gluelogic.com>2016-12-23 07:36:30 -0500
commit38d00abd8f75b2b6437babe8d66390aea71a6164 (patch)
tree4b34c83d4bd8866f7cf9f1bec9a5d1b917b46210 /src/network.c
parenta09d80dfd18258f0e56dbd67323024628bf01a9e (diff)
downloadlighttpd1.4-38d00abd8f75b2b6437babe8d66390aea71a6164.tar.gz
lighttpd1.4-38d00abd8f75b2b6437babe8d66390aea71a6164.zip
[TLS] openssl 1.1.0 makes SSL_OP_NO_SSLv2 no-op
silence coverity warning openssl 1.1.0 makes SSL_OP_NO_SSLv2 flag a no-op, leading to logically dead code when used with openssl 1.1.0. However, the code is still valid with earlier openssl versions, and so must be preserved.
Diffstat (limited to 'src/network.c')
-rw-r--r--src/network.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/src/network.c b/src/network.c
index 6bd5a08b..b46dcf71 100644
--- a/src/network.c
+++ b/src/network.c
@@ -841,7 +841,7 @@ int network_init(server *srv) {
SSL_CTX_set_options(s->ssl_ctx, ssloptions);
SSL_CTX_set_info_callback(s->ssl_ctx, ssl_info_callback);
- if (!s->ssl_use_sslv2) {
+ if (!s->ssl_use_sslv2 && 0 != SSL_OP_NO_SSLv2) {
/* disable SSLv2 */
if ((SSL_OP_NO_SSLv2 & SSL_CTX_set_options(s->ssl_ctx, SSL_OP_NO_SSLv2)) != SSL_OP_NO_SSLv2) {
log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:",
@@ -850,7 +850,7 @@ int network_init(server *srv) {
}
}
- if (!s->ssl_use_sslv3) {
+ if (!s->ssl_use_sslv3 && 0 != SSL_OP_NO_SSLv3) {
/* disable SSLv3 */
if ((SSL_OP_NO_SSLv3 & SSL_CTX_set_options(s->ssl_ctx, SSL_OP_NO_SSLv3)) != SSL_OP_NO_SSLv3) {
log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:",