tyler.durden
/
icinga2
mirror of https://github.com/Icinga/icinga2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #9943 from Icinga/renegotiation-openbsd 

Disable TLS renegotiation and fix compile error on OpenBSD
This commit is contained in:
Julian Brost 2025-01-30 15:50:07 +01:00 committed by GitHub
parent fe85bf1295 e1a4390b9c
commit 51c6a58657
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/base/tlsutility.cpp
View File

@ -93,7 +93,9 @@ static void InitSslContext(const Shared<boost::asio::ssl::context>::Ptr& context
flags |= SSL_OP_CIPHER_SERVER_PREFERENCE;
#if OPENSSL_VERSION_NUMBER < 0x10100000L
#ifdef LIBRESSL_VERSION_NUMBER
flags |= SSL_OP_NO_CLIENT_RENEGOTIATION;
#elif OPENSSL_VERSION_NUMBER < 0x10100000L
SSL_CTX_set_info_callback(sslContext, [](const SSL* ssl, int where, int) {
if (where & SSL_CB_HANDSHAKE_DONE) {
ssl->s3->flags |= SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS;