From a871668397d9c06484c50d05b35daa691ce961d4 Mon Sep 17 00:00:00 2001
From: arvidn
Date: Thu, 26 Mar 2020 21:40:39 +0100
Subject: [PATCH] TLS version should not be configurable. it's deprecated in openssl
---
 include/libtorrent/aux_/openssl.hpp | 3 ---
 include/libtorrent/config.hpp | 8 --------
 include/libtorrent/settings_pack.hpp | 18 ------------------
 src/openssl.cpp | 15 ---------------
 src/session_impl.cpp | 4 ++--
 src/settings_pack.cpp | 5 -----
 src/torrent.cpp | 3 +--
 test/settings.cpp | 3 ---
 8 files changed, 3 insertions(+), 56 deletions(-)
diff --git a/include/libtorrent/aux_/openssl.hpp b/include/libtorrent/aux_/openssl.hpp
index 4a2f547da..2084e6ceb 100644
--- a/include/libtorrent/aux_/openssl.hpp
+++ b/include/libtorrent/aux_/openssl.hpp
@@ -101,9 +101,6 @@ TORRENT_EXTRA_EXPORT GENERAL_NAME* openssl_general_name_value(GENERAL_NAMES* gen #endif // OPENSSL_VERSION_NUMBER -// converts setting_pack::ssl_version_t enum into asio version -ssl::context::method ssl_version(int const v); - } // aux } // libtorrent
diff --git a/include/libtorrent/config.hpp b/include/libtorrent/config.hpp
index f323f4b06..b6d30f7cb 100644
--- a/include/libtorrent/config.hpp
+++ b/include/libtorrent/config.hpp
@@ -568,14 +568,6 @@ constexpr std::size_t TORRENT_WRITE_HANDLER_MAX_SIZE = 342; #endif #endif // TORRENT_HAS_ARM_CRC32 -#ifndef TORRENT_USE_TLS13 -#if BOOST_VERSION >= 106900 -#define TORRENT_USE_TLS13 1 -#else -#define TORRENT_USE_TLS13 0 -#endif -#endif - namespace libtorrent {} // create alias
diff --git a/include/libtorrent/settings_pack.hpp b/include/libtorrent/settings_pack.hpp
index 0d061091e..5b296149c 100644
--- a/include/libtorrent/settings_pack.hpp
+++ b/include/libtorrent/settings_pack.hpp
@@ -1752,12 +1752,6 @@ namespace aux { // lower than 5 minutes. upnp_lease_duration, - // the SSL/TLS version to use for HTTPS trackers and SSL torrents. Set - // it to one of the ssl_version_t values. This setting only takes - // effect when passed in to the session constructor. It cannot be - // changed once the session has been constructed. - ssl_version, - max_int_setting_internal };
@@ -1771,18 +1765,6 @@ namespace aux { enum suggest_mode_t : std::uint8_t { no_piece_suggestions = 0, suggest_read_cache = 1 }; - enum ssl_version_t : std::uint8_t - { - // TLS version 1.1 - tls11, - // TLS version 1.2 - tls12, -#if TORRENT_USE_TLS13 - // TLS version 1.3 - tls13, -#endif - }; - enum choking_algorithm_t : std::uint8_t { fixed_slots_choker = 0,
diff --git a/src/openssl.cpp b/src/openssl.cpp
index 5a486018b..638931db9 100644
--- a/src/openssl.cpp
+++ b/src/openssl.cpp
@@ -76,21 +76,6 @@ GENERAL_NAME* openssl_general_name_value(GENERAL_NAMES* gens, int i) #endif // OPENSSL_VERSION_NUMBER -ssl::context::method ssl_version(int const v) -{ - switch (v) - { - case settings_pack::tls11: return ssl::context::tlsv11; - case settings_pack::tls12: return ssl::context::tlsv12; -#if TORRENT_USE_TLS13 - case settings_pack::tls13: return ssl::context::tlsv13; - default: return ssl::context::tlsv13; -#else - default: return ssl::context::tlsv12; -#endif - }; -} - #endif // TORRENT_USE_OPENSSL }
diff --git a/src/session_impl.cpp b/src/session_impl.cpp
index d7b063486..2b8fd9ee9 100644
--- a/src/session_impl.cpp
+++ b/src/session_impl.cpp
@@ -454,8 +454,8 @@ namespace aux { : m_settings(pack) , m_io_service(ios) #ifdef TORRENT_USE_OPENSSL - , m_ssl_ctx(ssl_version(pack.get_int(settings_pack::ssl_version))) - , m_peer_ssl_ctx(ssl_version(pack.get_int(settings_pack::ssl_version))) + , m_ssl_ctx(ssl::context::tls_client) + , m_peer_ssl_ctx(ssl::context::tls) #endif , m_alerts(m_settings.get_int(settings_pack::alert_queue_size) , alert_category_t{static_cast(m_settings.get_int(settings_pack::alert_mask))})
diff --git a/src/settings_pack.cpp b/src/settings_pack.cpp
index 4ae3a671e..3488d75db 100644
--- a/src/settings_pack.cpp
+++ b/src/settings_pack.cpp
@@ -351,11 +351,6 @@ constexpr int CLOSE_FILE_INTERVAL = 0; SET(resolver_cache_timeout, 1200, &session_impl::update_resolver_cache_timeout), SET(send_not_sent_low_watermark, 16384, nullptr), SET(upnp_lease_duration, 3600, nullptr), -#if TORRENT_USE_TLS13 - SET(ssl_version, settings_pack::tls13, nullptr), -#else - SET(ssl_version, settings_pack::tls12, nullptr), -#endif }}); #undef SET
diff --git a/src/torrent.cpp b/src/torrent.cpp
index 088482911..3ed8ac9b5 100644
--- a/src/torrent.cpp
+++ b/src/torrent.cpp
@@ -1642,8 +1642,7 @@ bool is_downloading_state(int const st) // create the SSL context for this torrent. We need to // inject the root certificate, and no other, to // verify other peers against - std::unique_ptr ctx(new context( - aux::ssl_version(settings().get_int(settings_pack::ssl_version)))); + std::unique_ptr ctx(new context(context::tls)); if (!ctx) {
diff --git a/test/settings.cpp b/test/settings.cpp
index e517a5f35..9082c456d 100644
--- a/test/settings.cpp
+++ b/test/settings.cpp
@@ -87,9 +87,6 @@ lt::settings_pack settings() pack.set_int(settings_pack::half_open_limit, 1); #endif - // to be compatible with python - pack.set_int(settings_pack::ssl_version, settings_pack::tls12); - return pack; }
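Review bot: Nothing on the new side of the src/session_impl.cpp hunk sets a minimum protocol version on `m_ssl_ctx` or `m_peer_ssl_ctx`. The removed `ssl_version()` mapping pinned each context to a single version (TLS 1.1, 1.2 or 1.3), whereas `ssl::context::tls_client` and `ssl::context::tls` are version-flexible methods whose lowest accepted version is decided by asio and the linked OpenSSL build, which as far as I know can be as low as TLS 1.0. If that is not intended, set an explicit floor in the constructor body, e.g. `m_ssl_ctx.set_options(ssl::context::no_tlsv1 | ssl::context::no_tlsv1_1);` and the same for `m_peer_ssl_ctx`; the per-torrent `context::tls` in the src/torrent.cpp hunk needs the same treatment. The constructor body is outside this hunk, so confirm no floor is already applied there.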
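Review bot: The `if (!ctx)` check that follows the rewritten construction line in the src/torrent.cpp hunk cannot fire, because plain `new` throws on allocation failure and, as far as I know, asio's `context` constructor throws when the underlying SSL context cannot be created. A failure here therefore propagates as an exception rather than taking the error branch below. Since this line is being touched anyway, either catch the exception around it and route it to that branch, or at minimum document it with `// new and the context constructor throw on failure; ctx is never null here`. The branch body and the rest of the function are outside the hunk.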