From be31ab4659438bba66e0b2765c522c33219fa8cc Mon Sep 17 00:00:00 2001
From: Linus Nordberg <linus@nordu.net>
Date: Sun, 6 Mar 2016 23:17:32 +0100
Subject: Use TLS_method() for new SSL context if it exists.

---
 tlscommon.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'tlscommon.c')

diff --git a/tlscommon.c b/tlscommon.c
index 39eaf20..ee81d71 100644
--- a/tlscommon.c
+++ b/tlscommon.c
@@ -203,8 +203,14 @@ static SSL_CTX *tlscreatectx(uint8_t type, struct tls *conf) {
     switch (type) {
 #ifdef RADPROT_TLS
     case RAD_TLS:
-	ctx = SSL_CTX_new(SSLv23_method());
+#if OPENSSL_VERSION_NUMBER >= 0x10100000
+        /* TLS_method() was introduced in OpenSSL 1.1.0. */
+	ctx = SSL_CTX_new(TLS_method());
+#else
+        /* No TLS_method(), use SSLv23_method() and disable SSLv2 and SSLv3. */
+        ctx = SSL_CTX_new(SSLv23_method());
         SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
+#endif
 #ifdef DEBUG
 	SSL_CTX_set_info_callback(ctx, ssl_info_callback);
 #endif
-- 
cgit v1.1