gmifetch: properly set minimum TLS version, include string.h

* Setting minimum TLS versions by SSL_CTX_set_options is deprecated, and we were doing it wrong anyway. Use SSL_CTX_set_min_proto_version instead. * Include string.h header to reduce clang whining.
author: bptato <nincsnevem662@gmail.com> 2023-11-01 22:42:42 +0100
committer: bptato <nincsnevem662@gmail.com> 2023-11-01 22:46:24 +0100
commit: cc02a6c30af164f087e07f546f4177d0b9cf3bcb (patch)
tree: ce8b3c5a8137949a76f3a6e05d17af60b61f940b /bonus
parent: 31bd1c9e12f28ab301d0799f12ac9519d415b7f3 (diff)
download: chawan-cc02a6c30af164f087e07f546f4177d0b9cf3bcb.tar.gz
1 files changed, 2 insertions, 4 deletions
diff --git a/bonus/gmifetch/gmifetch.c b/bonus/gmifetch/gmifetch.c
index 85a7416b..94b3b18d 100644
--- a/bonus/gmifetch/gmifetch.c
+++ b/bonus/gmifetch/gmifetch.c
@@ -22,6 +22,7 @@
 #include <openssl/pem.h>
 #include <openssl/ssl.h>
 #include <pwd.h>
+#include <string.h>
 #include <sys/stat.h>
 #include <unistd.h>
 
@@ -148,13 +149,10 @@ static BIO *conn;
 
 static void setup_ssl(void)
 {
-#define FLAGS (SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_COMPRESSION | \
-	SSL_OP_NO_TLSv1_1)
-
 	SSL_library_init();
 	SSL_load_error_strings();
 	ssl_ctx = SSL_CTX_new(TLS_client_method());
-	SSL_CTX_set_options(ssl_ctx, FLAGS);
+	SSL_CTX_set_min_proto_version(ssl_ctx, TLS1_2_VERSION);
 	if (!(conn = BIO_new_ssl_connect(ssl_ctx)))
 		SDIE("Error creating BIO");
 #undef FLAGS
author	bptato <nincsnevem662@gmail.com>	2023-11-01 22:42:42 +0100
committer	bptato <nincsnevem662@gmail.com>	2023-11-01 22:46:24 +0100
commit	cc02a6c30af164f087e07f546f4177d0b9cf3bcb (patch)
tree	ce8b3c5a8137949a76f3a6e05d17af60b61f940b /bonus
parent	31bd1c9e12f28ab301d0799f12ac9519d415b7f3 (diff)
download	chawan-cc02a6c30af164f087e07f546f4177d0b9cf3bcb.tar.gz