dnl Check boost ASIO SSL
AC_CHECK_HEADERS([boost/asio/ssl.hpp],,
[AC_MSG_ERROR([Missing required boost ssl header file])])
+ dnl Check if the generic TLS method is available
+ AC_MSG_CHECKING([Generic TLS method])
+ AC_COMPILE_IFELSE(
+ [AC_LANG_PROGRAM([#include <boost/asio/ssl.hpp>],
+ [auto ctx(boost::asio::ssl::context::tls);])],
+ [AC_MSG_RESULT(yes)
+ AC_DEFINE([HAVE_GENERIC_TLS_METHOD], [1],
+ [Define to 1 if boost::asio::ssl::context::tls is available])],
+ [AC_MSG_RESULT(no)])
LIBS=${LIBS_SAVED}
CPPFLAGS=${CPPFLAGS_SAVED}
fi
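Review bot: The `no` branch of the new check records only the result line, although on that path the contexts changed in this commit are built with `tlsv12`. In Boost.Asio that is a version-specific method, so such a build negotiates TLS 1.2 only and never TLS 1.3. A packager reading the configure output should see that, so I would add `AC_MSG_WARN([boost::asio::ssl::context::tls is not available, TLS will be limited to version 1.2])` after `AC_MSG_RESULT(no)`. The test program uses `auto`, so it also depends on C++ and a C++11 flag already being selected at this point of the script, which is outside the hunk.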
namespace isc {
namespace asiolink {
+// Enforce TLS 1.2 when the generic TLS method is not available (i.e.
+// the boost version is older than 1.64.0).
TlsContext::TlsContext(TlsRole role)
: TlsContextBase(role), cert_required_(true),
- context_(context::method::tls) {
+#ifdef HAVE_GENERIC_TLS_METHOD
+ context_(context::method::tls)
+#else
+ context_(context::method::tlsv12)
+#endif
+{
// Not leave the verify mode to OpenSSL default.
setCertRequired(true);
}
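Review bot: The comment added above the constructor says TLS 1.2 is enforced, but that holds only for the `#else` branch. In the `HAVE_GENERIC_TLS_METHOD` branch `context::method::tls` negotiates any version the library allows and nothing visible in the constructor body sets a floor, so TLS 1.0 and 1.1 may still be accepted unless the OpenSSL configuration forbids them. To give both branches the same minimum I would add `context_.set_options(context::no_tlsv1 | context::no_tlsv1_1);` next to `setCertRequired(true)`, and reword the comment to `// Use the generic TLS method when available, else the TLS 1.2 only method (boost older than 1.64.0).`. The same applies to the `ctx` built in the client hunk and to the server's `context_` initializer, where the commented-out `set_options` call is the natural place for it. Whether TlsContextBase or a later call already restricts versions is not visible here.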
tcp::resolver resolver(io_context);
auto endpoints = resolver.resolve(argv[1], argv[2]);
+#ifdef HAVE_GENERIC_TLS_METHOD
boost::asio::ssl::context ctx(boost::asio::ssl::context::tls);
+#else
+ boost::asio::ssl::context ctx(boost::asio::ssl::context::tlsv12);
+#endif
ctx.load_verify_file(CA_("kea-ca.crt"));
ctx.use_certificate_chain_file(CA_("kea-client.crt"));
ctx.use_private_key_file(CA_("kea-client.key"),
: io_context_(io_context),
acceptor_(io_context,
boost::asio::ip::tcp::endpoint(boost::asio::ip::tcp::v4(), port)),
+#ifdef HAVE_GENERIC_TLS_METHOD
context_(boost::asio::ssl::context::tls)
+#else
+ context_(boost::asio::ssl::context::tlsv12)
+#endif
{
//context_.set_options(
// boost::asio::ssl::context::default_workarounds