Set SSL security level explicitly (#406)
Default value may have been raised in OpenSSL 3, disrupting operation with less secure certificates.
This commit is contained in:
parent
a255379679
commit
faa3c94391
|
@ -10,6 +10,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
||||||
### Fixed
|
### Fixed
|
||||||
|
|
||||||
- OpenVPN: Bad error mapping. [#404](https://github.com/passepartoutvpn/tunnelkit/pull/404)
|
- OpenVPN: Bad error mapping. [#404](https://github.com/passepartoutvpn/tunnelkit/pull/404)
|
||||||
|
- OpenVPN: Restore default security level. [#406](https://github.com/passepartoutvpn/tunnelkit/pull/406)
|
||||||
|
|
||||||
## 6.3.1 (2024-01-05)
|
## 6.3.1 (2024-01-05)
|
||||||
|
|
||||||
|
|
|
@ -214,9 +214,7 @@ static BIO *create_BIO_from_PEM(NSString *pem) {
|
||||||
self.ctx = SSL_CTX_new(TLS_client_method());
|
self.ctx = SSL_CTX_new(TLS_client_method());
|
||||||
SSL_CTX_set_options(self.ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_COMPRESSION);
|
SSL_CTX_set_options(self.ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_COMPRESSION);
|
||||||
SSL_CTX_set_verify(self.ctx, SSL_VERIFY_PEER, TLSBoxVerifyPeer);
|
SSL_CTX_set_verify(self.ctx, SSL_VERIFY_PEER, TLSBoxVerifyPeer);
|
||||||
if (self.securityLevel != TLSBoxDefaultSecurityLevel) {
|
|
||||||
SSL_CTX_set_security_level(self.ctx, (int)self.securityLevel);
|
SSL_CTX_set_security_level(self.ctx, (int)self.securityLevel);
|
||||||
}
|
|
||||||
|
|
||||||
if (self.caPath) {
|
if (self.caPath) {
|
||||||
if (!SSL_CTX_load_verify_locations(self.ctx, [self.caPath cStringUsingEncoding:NSASCIIStringEncoding], NULL)) {
|
if (!SSL_CTX_load_verify_locations(self.ctx, [self.caPath cStringUsingEncoding:NSASCIIStringEncoding], NULL)) {
|
||||||
|
|
Loading…
Reference in New Issue