imap-send: avoid deprecated TLSv1_method()

Use SSLv23_method always and disable SSL if needed.

TLSv1_method() function is deprecated in OpenSSL 1.1.0 and the compiler
emits a warning.

SSLv23_method() is also deprecated, but the alternative, TLS_method(),
is new in OpenSSL 1.1.0 so requires checking by configure. Stick to
SSLv23_method() for now (this is aliased to TLS_method()).

Signed-off-by: Kazuki Yamaguchi <k@rhe.jp>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

diff --git a/imap-send.c b/imap-send.c
index e964e2a7fc9a824981d6f5f06d82d8fc11ddd00e..78b6ff64945221b7583c5d4974627373bd44bdd9 100644 (file)
--- a/imap-send.c
+++ b/imap-send.c
@@ -287,11 +287,7 @@ static int ssl_socket_connect(struct imap_socket *sock, int use_tls_only, int ve
        SSL_library_init();
        SSL_load_error_strings();
 
-       if (use_tls_only)
-               meth = TLSv1_method();
-       else
-               meth = SSLv23_method();
-
+       meth = SSLv23_method();
        if (!meth) {
                ssl_socket_perror("SSLv23_method");
                return -1;
@@ -303,6 +299,9 @@ static int ssl_socket_connect(struct imap_socket *sock, int use_tls_only, int ve
                return -1;
        }
 
+       if (use_tls_only)
+               SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
+
        if (verify)
                SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);