From: Jeffrey Walton <noloader@gmail.com>
Date: Thu, 6 Feb 2020 13:17:14 +0000 (-0500)
Subject: Update ldns-dane example to use OpenSSL context options
X-Git-Tag: 1.8.0-rc.1~74^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F62%2Fhead;p=thirdparty%2Fldns.git

Update ldns-dane example to use OpenSSL context options
---

diff --git a/examples/ldns-dane.c b/examples/ldns-dane.c
index d0898249..4c31fd8f 100644
--- a/examples/ldns-dane.c
+++ b/examples/ldns-dane.c
@@ -1703,6 +1703,20 @@ main(int argc, char* const* argv)
 	if (ctx && SSL_CTX_dane_enable(ctx) <= 0) {
 		ssl_err("could not SSL_CTX_dane_enable");
 	}
+
+	/* Use TLSv1.0 or above for connection. */
+	long flags = 0;
+# ifdef SSL_OP_NO_SSLv2
+	flags |= SSL_OP_NO_SSLv2;
+# endif
+# ifdef SSL_OP_NO_SSLv3
+	flags |= SSL_OP_NO_SSLv3;
+# endif
+# ifdef SSL_OP_NO_COMPRESSION
+	flags |= SSL_OP_NO_COMPRESSION;
+# endif
+	SSL_CTX_set_options(ctx, flags);
+
 	if (CAfile || CApath) {
 		if (!SSL_CTX_load_verify_locations(ctx, CAfile, CApath))
 			ssl_err("could not set verify locations\n");