| author | Luke Bratch <luke@bratch.co.uk> | 2026-04-02 21:13:20 +0200 |
|---|---|---|
| committer | Luke Bratch <luke@bratch.co.uk> | 2026-04-02 21:13:20 +0200 |
| commit | 6404663b4588d606adfc06dbceeca24a4c748122 (patch) | |
| tree | 41b6e2ea4eb126020553b261353faf0ad6f1b53d /sockets.c | |
| parent | 4a51c367fa192adba69fac4bf0305ed38290ef19 (diff) | |
Remove/update deprecated OpenSSL functions, change certificate PEM loading to allow loading a chain rather than just a single certificate.
Diffstat (limited to 'sockets.c')
| -rw-r--r-- | sockets.c | 8 |
1 files changed, 3 insertions, 5 deletions
@@ -173,9 +173,9 @@ SSL_CTX *create_openssl_context(int type) { SSL_CTX *ctx; if (type == 0) { - method = SSLv23_client_method(); + method = TLS_client_method(); } else { - method = SSLv23_server_method(); + method = TLS_server_method(); } ctx = SSL_CTX_new(method); @@ -192,15 +192,13 @@ SSL_CTX *create_openssl_context(int type) { // Configure OpenSSL context, with certfile and keyfile provided if // IRC server-side or set to NULL if bouncer client-side void configure_openssl_context(SSL_CTX *ctx, char *certfile, char *keyfile) { - SSL_CTX_set_ecdh_auto(ctx, 1); - /* Set the key and cert if set or return if not */ if (certfile == NULL || keyfile == NULL) { return; } - if (SSL_CTX_use_certificate_file(ctx, certfile, SSL_FILETYPE_PEM) <= 0) { + if (SSL_CTX_use_certificate_chain_file(ctx, certfile) <= 0) { ERR_print_errors_fp(stderr); printf("Couldn't load certificate file '%s'. Hint: You can generate your own with OpenSSL. Once created, set its location in blabouncer.conf which by default is in ~/.blabouncer/.\n", certfile); debugprint(DEBUG_CRIT, "Couldn't load certificate file '%s'. Hint: You can generate your own with OpenSSL. Once created, set its location in blabouncer.conf which by default is in ~/.blabouncer/.\n", certfile); |
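Review bot: Neither branch of create_openssl_context sets a protocol floor after the move to `TLS_client_method()` / `TLS_server_method()`. Both are version-flexible methods, so the lowest version the bouncer will negotiate is whatever the linked OpenSSL build and its system configuration allow. Unless the part of the function outside this hunk already does it, I would add `SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION);` once `ctx = SSL_CTX_new(method);` has succeeded. Both the new method names and that call need OpenSSL 1.1.0 or later, which is worth stating in the build notes.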
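Review bot: The switch to `SSL_CTX_use_certificate_chain_file()` in configure_openssl_context changes what certfile may contain, but neither the comment above the function nor the failure hint says so. OpenSSL treats the first certificate in the PEM file as the server's own and the rest as the chain, so a file with an intermediate first would probably get past this call and only fail later, at key loading or at handshake time. I would extend the header comment with `// certfile is PEM and may hold a chain: server certificate first, then intermediate CA certificates`. The function body continues past the end of the hunk, so the key loading and any `SSL_CTX_check_private_key()` call are not visible here.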
