From 6404663b4588d606adfc06dbceeca24a4c748122 Mon Sep 17 00:00:00 2001 From: Luke Bratch Date: Thu, 2 Apr 2026 21:13:20 +0200 Subject: Remove/update deprecated OpenSSL functions, change certificate PEM loading to allow loading a chain rather than just a single certificate. --- sockets.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) (limited to 'sockets.c') diff --git a/sockets.c b/sockets.c index 0f0eefd..e4c8a00 100644 --- a/sockets.c +++ b/sockets.c @@ -173,9 +173,9 @@ SSL_CTX *create_openssl_context(int type) { SSL_CTX *ctx; if (type == 0) { - method = SSLv23_client_method(); + method = TLS_client_method(); } else { - method = SSLv23_server_method(); + method = TLS_server_method(); } ctx = SSL_CTX_new(method); @@ -192,15 +192,13 @@ SSL_CTX *create_openssl_context(int type) { // Configure OpenSSL context, with certfile and keyfile provided if // IRC server-side or set to NULL if bouncer client-side void configure_openssl_context(SSL_CTX *ctx, char *certfile, char *keyfile) { - SSL_CTX_set_ecdh_auto(ctx, 1); - /* Set the key and cert if set or return if not */ if (certfile == NULL || keyfile == NULL) { return; } - if (SSL_CTX_use_certificate_file(ctx, certfile, SSL_FILETYPE_PEM) <= 0) { + if (SSL_CTX_use_certificate_chain_file(ctx, certfile) <= 0) { ERR_print_errors_fp(stderr); printf("Couldn't load certificate file '%s'. Hint: You can generate your own with OpenSSL. Once created, set its location in blabouncer.conf which by default is in ~/.blabouncer/.\n", certfile); debugprint(DEBUG_CRIT, "Couldn't load certificate file '%s'. Hint: You can generate your own with OpenSSL. Once created, set its location in blabouncer.conf which by default is in ~/.blabouncer/.\n", certfile); -- cgit v1.3