passepartoutvpn
/
tunnelkit
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Drop support for redundant EC curves

This commit is contained in:
Davide De Rosa 2018-08-23 17:14:12 +02:00
parent 8c3c7b614c
commit 6a71ada1c8
1 changed files with 1 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
TunnelKit/Sources/Core/TLSBox.m
View File

@ -106,13 +106,11 @@ int TLSBoxVerifyPeer(int ok, X509_STORE_CTX *ctx) {
- (BOOL)startWithError:(NSError *__autoreleasing *)error - (BOOL)startWithError:(NSError *__autoreleasing *)error
{ {
if (!TLSBoxIsOpenSSLLoaded) { if (!TLSBoxIsOpenSSLLoaded) {
// OPENSSL_init_ssl(0, NULL);
TLSBoxIsOpenSSLLoaded = YES; TLSBoxIsOpenSSLLoaded = YES;
} }
self.ctx = SSL_CTX_new(TLS_client_method()); self.ctx = SSL_CTX_new(TLS_client_method());
SSL_CTX_set_options(self.ctx, SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_COMPRESSION); SSL_CTX_set_options(self.ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_COMPRESSION);
if (self.caPath) { if (self.caPath) {
SSL_CTX_set_verify(self.ctx, SSL_VERIFY_PEER, TLSBoxVerifyPeer); SSL_CTX_set_verify(self.ctx, SSL_VERIFY_PEER, TLSBoxVerifyPeer);
if (!SSL_CTX_load_verify_locations(self.ctx, [self.caPath cStringUsingEncoding:NSASCIIStringEncoding], NULL)) { if (!SSL_CTX_load_verify_locations(self.ctx, [self.caPath cStringUsingEncoding:NSASCIIStringEncoding], NULL)) {
@ -126,7 +124,6 @@ int TLSBoxVerifyPeer(int ok, X509_STORE_CTX *ctx) {
else { else {
SSL_CTX_set_verify(self.ctx, SSL_VERIFY_NONE, NULL); SSL_CTX_set_verify(self.ctx, SSL_VERIFY_NONE, NULL);
} }
SSL_CTX_set1_curves_list(self.ctx, "X25519:prime256v1:secp521r1:secp384r1:secp256k1");
self.ssl = SSL_new(self.ctx); self.ssl = SSL_new(self.ctx);