diff --git a/libs/iksemel/include/iksemel.h b/libs/iksemel/include/iksemel.h
index 2b11070671..dc6df91022 100644
--- a/libs/iksemel/include/iksemel.h
+++ b/libs/iksemel/include/iksemel.h
@@ -226,7 +226,7 @@ void iks_disconnect (iksparser *prs);
 int iks_has_tls (void);
 int iks_is_secure (iksparser *prs);
 int iks_start_tls (iksparser *prs);
-int iks_proceed_tls (iksparser *prs, const char *cert_file, const char *key_file, int use_ssl);
+int iks_proceed_tls (iksparser *prs, const char *cert_file, const char *key_file);
 int iks_start_sasl (iksparser *prs, enum ikssasltype type, char *username, char *pass);
 /***** jabber *****/
diff --git a/libs/iksemel/src/stream.c b/libs/iksemel/src/stream.c
index 658c40207c..eda6cb0fe7 100644
--- a/libs/iksemel/src/stream.c
+++ b/libs/iksemel/src/stream.c
@@ -36,7 +36,6 @@ typedef unsigned __int32 uint32_t;
 #define SF_TRY_SECURE 2
 #define SF_SECURE 4
 #define SF_SERVER 8
-#define SF_SSLv23 16
 struct stream_data {
 iksparser *prs;
@@ -319,11 +318,7 @@ handshake (struct stream_data *data)
 SSL_load_error_strings();
 if (data->flags & SF_SERVER) {
- if (data->flags & SF_SSLv23) {
- data->ssl_ctx = SSL_CTX_new(SSLv23_server_method());
- } else {
- data->ssl_ctx = SSL_CTX_new(TLSv1_server_method());
- }
+ data->ssl_ctx = SSL_CTX_new(TLSv1_server_method());
 if(!data->ssl_ctx) return IKS_NOMEM;
 if (SSL_CTX_use_certificate_file(data->ssl_ctx, data->cert_file, SSL_FILETYPE_PEM) <= 0) {
@@ -985,7 +980,7 @@ iks_start_tls (iksparser *prs)
 }
 int
-iks_proceed_tls (iksparser *prs, const char *cert_file, const char *key_file, int use_ssl)
+iks_proceed_tls (iksparser *prs, const char *cert_file, const char *key_file)
 {
 #ifdef HAVE_GNUTLS
 int ret;
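Review bot: The `iks_proceed_tls` prototype in iksemel.h loses its `use_ssl` argument without any comment telling callers that protocol selection is no longer theirs to make. A one-line comment above the declaration would record the new contract, for example `/* Server-side TLS handshake using cert_file/key_file; the protocol version is chosen inside handshake(), not by the caller. */`. Because this is an exported C symbol, code built against the old four-argument header will still link, so out-of-tree users need a rebuild to notice the change.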
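Review bot: In the `handshake()` hunk of stream.c the server context is now always created with `TLSv1_server_method()`, which in OpenSSL is a fixed-version method that speaks TLS 1.0 only, so peers can no longer negotiate TLS 1.1 or 1.2. If the intent is to keep SSLv2/SSLv3 off, the version-flexible method with those protocols masked out does that without capping the version: `data->ssl_ctx = SSL_CTX_new(SSLv23_server_method());` followed, after the NULL check, by `SSL_CTX_set_options(data->ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);`. The same consequence reaches the mod_rayo caller `on_stream_starttls` in xmpp_streams.c, which previously passed `1` to select the flexible method. The body of `handshake()` continues outside this hunk, so options set elsewhere on the context are not visible here.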
@@ -996,9 +991,6 @@ iks_proceed_tls (iksparser *prs, const char *cert_file, const char *key_file, in
 data->cert_file = iks_stack_strdup(data->s, cert_file, 0);
 data->key_file = iks_stack_strdup(data->s, key_file, 0);
 data->flags |= SF_TRY_SECURE | SF_SERVER;
- if (use_ssl) {
- data->flags |= SF_SSLv23;
- }
 return handshake (data);
 #elif HAVE_SSL
 int ret;
@@ -1009,9 +1001,6 @@ iks_proceed_tls (iksparser *prs, const char *cert_file, const char *key_file, in
 data->cert_file = iks_stack_strdup(data->s, cert_file, 0);
 data->key_file = iks_stack_strdup(data->s, key_file, 0);
 data->flags |= SF_TRY_SECURE | SF_SERVER;
- if (use_ssl) {
- data->flags |= SF_SSLv23;
- }
 return handshake (data);
 #else
 return IKS_NET_NOTSUPP;
diff --git a/src/mod/event_handlers/mod_rayo/xmpp_streams.c b/src/mod/event_handlers/mod_rayo/xmpp_streams.c
index cf5aafb413..7fe27e22fb 100644
--- a/src/mod/event_handlers/mod_rayo/xmpp_streams.c
+++ b/src/mod/event_handlers/mod_rayo/xmpp_streams.c
@@ -450,7 +450,7 @@ static void xmpp_send_outbound_server_header(struct xmpp_stream *stream)
 static void on_stream_starttls(struct xmpp_stream *stream, iks *node)
 {
 /* wait for handshake to start */
- if (iks_proceed_tls(stream->parser, stream->context->cert_pem_file, stream->context->key_pem_file, 1) == IKS_OK) {
+ if (iks_proceed_tls(stream->parser, stream->context->cert_pem_file, stream->context->key_pem_file) == IKS_OK) {
 stream->state = XSS_SECURE;
 } else {
 stream->state = XSS_ERROR;