From cc02a6c30af164f087e07f546f4177d0b9cf3bcb Mon Sep 17 00:00:00 2001
From: bptato
Date: Wed, 1 Nov 2023 22:42:42 +0100
Subject: gmifetch: properly set minimum TLS version, include string.h

* Setting minimum TLS versions by SSL_CTX_set_options is deprecated, and we were doing it wrong anyway. Use SSL_CTX_set_min_proto_version instead.
* Include string.h header to reduce clang whining.
---
 bonus/gmifetch/gmifetch.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

(limited to 'bonus/gmifetch')

diff --git a/bonus/gmifetch/gmifetch.c b/bonus/gmifetch/gmifetch.c
index 85a7416b..94b3b18d 100644
--- a/bonus/gmifetch/gmifetch.c
+++ b/bonus/gmifetch/gmifetch.c
@@ -22,6 +22,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 
@@ -148,13 +149,10 @@ static BIO *conn;
 
 static void setup_ssl(void)
 {
-#define FLAGS (SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_COMPRESSION | \
- SSL_OP_NO_TLSv1_1)
-
 SSL_library_init();
 SSL_load_error_strings();
 ssl_ctx = SSL_CTX_new(TLS_client_method());
- SSL_CTX_set_options(ssl_ctx, FLAGS);
+ SSL_CTX_set_min_proto_version(ssl_ctx, TLS1_2_VERSION);
 if (!(conn = BIO_new_ssl_connect(ssl_ctx)))
 SDIE("Error creating BIO");
 #undef FLAGS
-- cgit 1.4.1-2-gfad0
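Review bot: The return value of `SSL_CTX_set_min_proto_version` is ignored in setup_ssl, and `ssl_ctx` is not checked for NULL after `SSL_CTX_new`, so a failure at either call would go unreported and the TLS 1.2 floor might not be in effect when the connection BIO is created. Suggest `if (!ssl_ctx || SSL_CTX_set_min_proto_version(ssl_ctx, TLS1_2_VERSION) != 1) SDIE("Error setting up SSL context");`, reusing the SDIE macro the function already calls two lines below. The `#undef FLAGS` kept as context at the end of the hunk is now stale, because the `#define FLAGS` it paired with is removed. `SSL_OP_NO_COMPRESSION` is also no longer set explicitly; OpenSSL 1.1.0 and later enable it by default, so behaviour is presumably unchanged, but a one-line comment such as `/* compression is off by default since OpenSSL 1.1.0 */` would record that. setup_ssl's body continues outside the hunk.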