diff options
| -rw-r--r-- | dpi/https.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/dpi/https.c b/dpi/https.c index 9aea31e5..e6d2b0e9 100644 --- a/dpi/https.c +++ b/dpi/https.c @@ -75,8 +75,9 @@ #ifdef ENABLE_SSL -#include <openssl/ssl.h> +#include <openssl/err.h> #include <openssl/rand.h> +#include <openssl/ssl.h> static int get_network_connection(char * url); static int handle_certificate_problem(SSL * ssl_connection); @@ -155,6 +156,11 @@ static void yes_ssl_support(void) } } + /* Do not use the SSLv2 protocol. */ + if (exit_error == 0){ + SSL_CTX_set_options(ssl_context, SSL_OP_NO_SSLv2); + } + /*Set directory to load certificates from*/ /*FIXME - provide for sysconfdir variables and such*/ if (exit_error == 0){ @@ -286,6 +292,7 @@ static void yes_ssl_support(void) /*Actually do SSL connection handshake*/ if (SSL_connect(ssl_connection) != 1){ MSG("SSL_connect failed\n"); + ERR_print_errors_fp(stderr); exit_error = 1; } } |